Suncoast Credit Union Phishing Kit 4c74e401

Detects a Suncoast Credit Union phishing kit that uses the same commented out JS and static VIcurrentDateTime value on all domains.

References

Recent Detections

None found yet

We've not seen any sites matching this indicator yet. Try scanning a site you think matches this rule:

IOK Rule (edit)

title: Suncoast Credit Union Phishing Kit 4c74e401

description: |
  Detects a Suncoast Credit Union phishing kit that uses the same commented out JS and static VIcurrentDateTime value on all domains.

references:
  - https://urlscan.io/result/4c74e401-5e7b-4c4b-89e4-2ebf29a086a8/
  - https://urlscan.io/result/6d788603-dedb-4ecc-85fc-2b8ff6dcef05/
  - https://urlscan.io/result/ecaa79cf-e514-48f4-a169-40446a3830c9/

detection:

  commentedOutJS:
    html|contains: '<script async type="text/javascript" src="ajax/css/images/custom/suncoast/sed-suncoast-46110420.js" id="_imp_apg_dip_" _imp_apg_cid_="sed-suncoast-46110420" _imp_apg_api_domain_="https://us.gimp.zeronaught.com"></script>'

  VIcurrentDateTime:
    html|contains: '<meta name="VIcurrentDateTime" content="637791568414341755">'

  condition: commentedOutJS and VIcurrentDateTime

tags:
  - target.sccu