Steam Phishing Kit 4540135

Steam phishing kit containing an image (sha256: 8c89c4f3023d02b04197a30ca20f42ca7eb2634e1432ffff7b9d641a1f71a066) that only appears in phishing pages. It uses Discord Nitro as a lure to make the victim willingly give away their login credentials.

References

https://urlscan.io/search/#hash%3A8c89c4f3023d02b04197a30ca20f42ca7eb2634e1432ffff7b9d641a1f71a066

IOK Rule (edit)

title: Steam Phishing Kit 4540135
description: |
  Steam phishing kit containing an image (sha256: `8c89c4f3023d02b04197a30ca20f42ca7eb2634e1432ffff7b9d641a1f71a066`) 
  that only appears in phishing pages. 
  It uses Discord Nitro as a lure to make the victim willingly 
  give away their login credentials.
  
references:
  - https://urlscan.io/search/#hash%3A8c89c4f3023d02b04197a30ca20f42ca7eb2634e1432ffff7b9d641a1f71a066
  
detection:

  image:
    html|contains: 'https://cdn.discordapp.com/attachments/454013565381115916/938124584446754846/nitro.png'
    
  condition: image
  
tags:
  - kit
  - target.steam