Shopify phishing kit YgjX6

Shopify phishing kit containing a high-entropy CSP nonce, which should be a high-quality indicator.

References

Recent Detections


IOK Rule

title: Shopify phishing kit YgjX6
description: |
  Shopify phishing kit containing a high-entropy CSP nonce, which should be a high-quality indicator.
references:
  - https://urlscan.io/result/a6cfccfc-0f7e-4609-9f29-4d14276813f1

detection:
  nonce:
    html|contains: 'nonce="YgjX6ESY7Epmq2JvWnoY7nPjsTKrDju2KP3CtnBB+ds="'

  condition: nonce

tags:
  - kit
  - target.shopify
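
The same check applied offline to saved HTML, as an added example that is not part of the original rule or of the IOK tooling: it parses `nonce` attributes instead of matching raw text, so quoting and character-reference differences do not matter, and it reports the decoded size of the nonce. The function names and both sample pages are constructed for illustration; only the nonce value comes from the rule above.

```python
import base64
from html.parser import HTMLParser

# Nonce value taken from the IOK rule on this page.
KIT_NONCE = "YgjX6ESY7Epmq2JvWnoY7nPjsTKrDju2KP3CtnBB+ds="


class NonceCollector(HTMLParser):
    """Collects (tag, value) for every nonce attribute in a document."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.nonces = []

    def handle_starttag(self, tag, attrs):
        # html.parser has already unquoted and unescaped attribute values.
        for name, value in attrs:
            if name == "nonce" and value:
                self.nonces.append((tag, value))


def nonce_bits(value):
    """Bit length of the base64-decoded nonce, or 0 if it is not base64."""
    try:
        return len(base64.b64decode(value, validate=True)) * 8
    except ValueError:  # binascii.Error is a ValueError subclass
        return 0


def match_kit(html):
    """Return the tags whose nonce equals the kit's fixed nonce."""
    collector = NonceCollector()
    collector.feed(html)
    collector.close()
    return [tag for tag, value in collector.nonces if value == KIT_NONCE]


# Constructed sample: same nonce, single-quoted and with '+' written as &#43;.
SAMPLE_KIT = (
    "<html><head>"
    "<script nonce='YgjX6ESY7Epmq2JvWnoY7nPjsTKrDju2KP3CtnBB&#43;ds='>"
    "var a = 1;</script>"
    '<style nonce="YgjX6ESY7Epmq2JvWnoY7nPjsTKrDju2KP3CtnBB+ds="></style>'
    "</head></html>"
)
# Constructed sample: an unrelated page with a different nonce.
SAMPLE_BENIGN = '<script nonce="c2FtcGxlLW5vbmNlLTAwMQ==">var b = 2;</script>'

if __name__ == "__main__":
    print("kit page matches:", match_kit(SAMPLE_KIT))
    print("benign page matches:", match_kit(SAMPLE_BENIGN))
    print("kit nonce size (bits):", nonce_bits(KIT_NONCE))
```

A CSP nonce is meant to be generated fresh for each response, so a fixed 256-bit value recurring across unrelated hosts points to copied markup rather than coincidence.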