Visa Phishing Kit dff000d

Detects a Visa phishing kit, that makes it seem as if the victim is purchasing something from Aramex, likely targets citizens of the UAE.

References

Recent Detections

None found yet

We've not seen any sites matching this indicator yet. Try scanning a site you think matches this rule:

IOK Rule (edit)

title: Visa Phishing Kit dff000d
description: |
    Detects a Visa phishing kit, that makes it
    seem as if the victim is purchasing something
    from Aramex, likely targets citizens of the UAE.

references:
    - https://urlscan.io/result/dff000d2-d1c9-473a-a573-3510276bda14

detection:

    hiddenFormCredentialID:
      html|contains: 'k0kt0yymkrk0y9am-eb-9a5b-0afc43bb000'

    hiddenFormIssuerID:
      html|contains: '5f245978abc9c57b49f6703b'
    
    hiddenTransactionID:
      html|contains: 'vP5T9ujrM8fAffJstc4FNoZGFOZ0'

    condition: hiddenFormCredentialID and hiddenFormIssuerID and hiddenTransactionID

tags:
  - kit
  - target.visa
  - target_country.uae