Steam Phishing Kit ee34fa99

A Steam phishing kit that uses a fake Steam login window to steal user credentials and 50/100$ gift cards as bait.

References

https://urlscan.io/result/ee34fa99-6cf8-4b16-8cf5-e617e238dea0
https://urlscan.io/result/d09c1f36-773f-437c-b533-4dced6cecc1f

IOK Rule (edit)

title: Steam Phishing Kit ee34fa99
description: |
  A Steam phishing kit that uses a fake Steam login 
  window to steal user credentials and 50/100$ gift 
  cards as bait.

references:
  - https://urlscan.io/result/ee34fa99-6cf8-4b16-8cf5-e617e238dea0
  - https://urlscan.io/result/d09c1f36-773f-437c-b533-4dced6cecc1f

detection:

  saleBannerGif:
    requests|contains: 'https://s12.gifyu.com/images/'

  siteMetrics:
    requests|contains: 'metrica.php'

  giftFrom:
    html|contains: 'auronplay'
 
  condition: siteMetrics and saleBannerGif and giftFrom

tags:
  - target.steam
  - threat_actor_country.russia