Unibank Phishing Kit NJdEmH

Detects a phishing kit targeting Unibank. Unibank is one of the largest private banks established in Azerbaijan. Threat actors working with this phishing kit appear to be coming from Ukraine (EVEREST AS49223).

References

Recent Detections

None found yet

We've not seen any sites matching this indicator yet. Try scanning a site you think matches this rule:

IOK Rule (edit)

title: Unibank Phishing Kit NJdEmH
description: |
    Detects a phishing kit targeting Unibank. Unibank is one of the largest private banks established in Azerbaijan.
    Threat actors working with this phishing kit appear to be coming from Ukraine (EVEREST AS49223).


references:
    - https://unibank.az/
    - https://urlscan.io/result/449e4d19-254f-487b-a911-65986cf99384/
    - https://urlscan.io/result/ae412a17-f89b-4f4b-99df-de652b4ddcb9/
    - https://urlscan.io/result/6dab8fb5-4667-4ddd-8a28-c4bfc1ff86ec/

detection:

    title:
      html|contains:
        - <title>UNÄ°BANK</title>

    form:
      html|contains:
        - form name="form" id="form" method="post" action="indexSend.php" autocomplete="off" onsubmit="return validation()"

    facebookDomainVerification:
      html|contains:
        - meta name="facebook-domain-verification" content="atzt8tk6o7zuo0wjw3fgp66oqag9uq"


    condition: title and form and facebookDomainVerification

tags:
  - kit
  - target.unibank
  - target_country.azerbaijan