IOK Rules: target.discord

Steam Phishing Kit jIwQMP

Detects a phishing kit impersonating Discord and targeting Steam users with a fake popup that opens when the "Get Nitro" button is clicked. The site promises to give you a free Discord Nitro subscription upon entering your Steam credentials. This phishing kit has been discovered by the FishFish.gg team.

Bookmark Grabber bf623f6

Detects a phishing page that leverages the Dyno discord bot as a lure to install a malicious browser bookmark to steal the victim's Discord token.

Discord Nitro Phishing Kit 7a09ee6

Discord Nitro phishing kit containing a reused image asset.

Discord/Steam Phishing Kit 0BFMGg

Detects a phishing kit impersonating Discord and targeting Steam with a fake popup that opens when the "Get Nitro" button is clicked. The site promises to give you a free Discord Nitro subscription. This phishing kit has been discovered by the FishFish.gg team.

Discord Phishing Kit 4EK3uS

Detects a phishing kit targeting Discord and Steam by promising a Free Discord Nitro subscription.

Discord Hypesquad Phishing Kit 9e6c4a9

Discord Hypesquad phishing kit containing a comment left behind by the supposed developer of the kit. As well as a unique nonce value that is present.

Discord Phishing Kit ee3f9f72

Detects a `Discord` phishing kit targeting Discord users. This kit proxies all requests made by the original Discord website to the domain the kit is running on.

Discord oAuth2 Scam u8eviyps

Detects a Discord oAuth2 scam confirmation page, which is often used in combination with social engineering to get the user to authorize for a spam application. This for example enables the attacker to add the victims into further scam/advertised servers using the `guilds.join` scope.

Discord Phishing Kit 664a17b

Discord phishing kit that uses a external application invite as a lure, as well as the real DiscordServer discord bot logo to make it seem legitmate. Once the user clicks the button labelled authorize it will open a pop-up window mimicking the Discord login page pretty poorly. This rule uses the fact that the same CSS file name is used across all domains that use this kit.