Steam Phishing Kit JcQRrby

These are usually spread on Discord and are typically hidden under default Wordpress blogs.

References

https://urlscan.io/result/9c91b94b-eaa4-4ed3-b6ff-67a65ecaadb0/
https://urlscan.io/result/882799cc-0025-47e9-b8d3-41376a41e7c2/
https://urlscan.io/result/ae8d6f7e-3848-407d-8f2e-9102e837c8a3/

IOK Rule (edit)

title: Steam Phishing Kit JcQRrby
description: These are usually spread on Discord and are typically hidden under default Wordpress blogs.

references:
  - https://urlscan.io/result/9c91b94b-eaa4-4ed3-b6ff-67a65ecaadb0/
  - https://urlscan.io/result/882799cc-0025-47e9-b8d3-41376a41e7c2/
  - https://urlscan.io/result/ae8d6f7e-3848-407d-8f2e-9102e837c8a3/

detection:

  pageTitle:
    title: "University cup"

  siteLogo:
    requests|contains: 'https://i.ibb.co/JcQRrby/nse.png'

  condition: pageTitle and siteLogo

tags:
  - kit
  - target.steam