Visa Phishing Kit dff000d

Detects a Visa phishing kit, that makes it seem as if the victim is purchasing something from Aramex, likely targets citizens of the UAE.

References

https://urlscan.io/result/dff000d2-d1c9-473a-a573-3510276bda14

IOK Rule (edit)

title: Visa Phishing Kit dff000d
description: |
    Detects a Visa phishing kit, that makes it
    seem as if the victim is purchasing something
    from Aramex, likely targets citizens of the UAE.

references:
    - https://urlscan.io/result/dff000d2-d1c9-473a-a573-3510276bda14

detection:

    hiddenFormCredentialID:
      html|contains: 'k0kt0yymkrk0y9am-eb-9a5b-0afc43bb000'

    hiddenFormIssuerID:
      html|contains: '5f245978abc9c57b49f6703b'
    
    hiddenTransactionID:
      html|contains: 'vP5T9ujrM8fAffJstc4FNoZGFOZ0'

    condition: hiddenFormCredentialID and hiddenFormIssuerID and hiddenTransactionID

tags:
  - kit
  - target.visa
  - target_country.uae