Detects a phishing kit targeting Unibank. Unibank is one of the largest private banks established in Azerbaijan. Threat actors working with this phishing kit appear to be coming from Ukraine (EVEREST AS49223).
title: Unibank Phishing Kit NJdEmH
description: |
Detects a phishing kit targeting Unibank. Unibank is one of the largest private banks established in Azerbaijan.
Threat actors working with this phishing kit appear to be coming from Ukraine (EVEREST AS49223).
references:
- https://unibank.az/
- https://urlscan.io/result/449e4d19-254f-487b-a911-65986cf99384/
- https://urlscan.io/result/ae412a17-f89b-4f4b-99df-de652b4ddcb9/
- https://urlscan.io/result/6dab8fb5-4667-4ddd-8a28-c4bfc1ff86ec/
detection:
title:
html|contains:
- <title>UNÄ°BANK</title>
form:
html|contains:
- form name="form" id="form" method="post" action="indexSend.php" autocomplete="off" onsubmit="return validation()"
facebookDomainVerification:
html|contains:
- meta name="facebook-domain-verification" content="atzt8tk6o7zuo0wjw3fgp66oqag9uq"
condition: title and form and facebookDomainVerification
tags:
- kit
- target.unibank
- target_country.azerbaijan