Tuya Redirect 4eWQNc

Detects a phishing landing page for the Colombian bank and credit card issuer Tuya. This was found as a result of this kit being deployed on Replit.

References

https://www.tuya.com.co/
https://urlscan.io/result/630122d4-6b1b-4b56-bb13-6b6a1f28af4f/

IOK Rule (edit)

title: Tuya Redirect 4eWQNc
description: |
    Detects a phishing landing page for the Colombian bank and credit card issuer Tuya.
    This was found as a result of this kit being deployed on Replit.


references:
    - https://www.tuya.com.co/
    - https://urlscan.io/result/630122d4-6b1b-4b56-bb13-6b6a1f28af4f/

detection:

    title:
      html|contains: Portal Transaccional

    function:
      html|contains: onclick="insertclavex('0');"

    css:
      html|contains|all:
        - link href="App_Themes/404/bootstrap.min.css" type="text/css"
        - link href="App_Themes/404/Default1.css" type="text/css"
        - link href="App_Themes/404/bootstrap.min.css" rel="stylesheet"


    condition: title and function and css

tags:
  - kit
  - target.tuya
  - target_country.colombia