Shopify phishing kit c546c6a9

Shopify phishing kit containing a high-entropy device identifier, which should be a high-quality indicator.

Recent Detections

IOK Rule

title: Shopify phishing kit c546c6a9
description: |
  Shopify phishing kit containing a high-entropy device identifier which should be a high quality indicator.
references:
  - https://urlscan.io/result/401d6161-cb5d-4e15-a9ac-20cf0a3ba857

detection:
  deviceID:
    html|contains: 'data-trekkie-device-id="c546c6a9-c197-40d4-817c-9fc681c519e9"'

  condition: deviceID

tags:
  - kit
  - target.shopify