Steam Phishing Kit tu2yq4ic

Steam Phishing Kit that uses a fake Steam login window to steal user credentials.

References

https://urlscan.io/result/21e56cd4-f042-4856-86cb-192372b403b7
https://urlscan.io/result/f77fb88a-d6cc-4355-92e5-0527ddd5cf00
https://urlscan.io/result/0a4bd282-305a-47cc-b239-c251d53f7382

IOK Rule (edit)

title: Steam Phishing Kit tu2yq4ic
description: Steam Phishing Kit that uses a fake Steam login window to steal user credentials.

references:
  - https://urlscan.io/result/21e56cd4-f042-4856-86cb-192372b403b7
  - https://urlscan.io/result/f77fb88a-d6cc-4355-92e5-0527ddd5cf00
  - https://urlscan.io/result/0a4bd282-305a-47cc-b239-c251d53f7382

detection:

  warning:
    html|contains: 
      - '<div id="NotLoggedInWarning" class="modal_frame">'

  breadcrumbs:
    js|contains|all:
      - 'vgywykkm.uq'
      - 'lppfocvr.fo'
      - '.oxisae'
      - '.zooms'
      - '#groobly'
      
  condition: warning and breadcrumbs

tags:
  - kit
  - target.steam