diff --git a/indicators/microsoft-outlook-142e470f.yml b/indicators/microsoft-outlook-142e470f.yml new file mode 100644 index 00000000..edd7c6dc --- /dev/null +++ b/indicators/microsoft-outlook-142e470f.yml @@ -0,0 +1,27 @@ +title: Microsoft Outlook Phishing Kit 142e470f +description: | + Detects a phishing kit targeting Microsoft Outlook. Users are being tricked into entering their Microsoft credentials into a fake form. This kit targets Spanish speaking users. + Found as a result of this kit being deployed on Replit. +references: + - https://urlscan.io/result/142e470f-9579-4190-a4a0-9cae5f61df9f/ + - https://urlscan.io/result/2e3b1290-d3d0-4cb1-ae45-8b7c3b5a5023/ + +detection: + + htmlContent: + html|contains|all: + - '' + + assets: + requests|contains|all: + - 'imagen.jpg' + - 'forma.css' + + + condition: assets and htmlContent + +tags: + - kit + - target.microsoft + - target.microsoft_outlook diff --git a/indicators/microsoft-outlook-ahof57.yml b/indicators/microsoft-outlook-ahof57.yml deleted file mode 100644 index d588bb4b..00000000 --- a/indicators/microsoft-outlook-ahof57.yml +++ /dev/null @@ -1,34 +0,0 @@ -title: Microsoft Outlook Phishing Kit ahoF57 -description: | - Detects a phishing kit targeting Microsoft Outlook. Users are being tricked into entering their Microsoft credentials into a fake form. This kit targets Spanish speaking users. - Found as a result of this kit being deployed on Replit. - - -references: - - https://urlscan.io/result/142e470f-9579-4190-a4a0-9cae5f61df9f/ - -detection: - - img: - html|contains: - - img src="imagen.jpg" - - css: - html|contains: - - link rel="stylesheet" type="text/css" href="forma.css" - - form: - html|contains: - - form action="conexion.php" method="post" - - submitButton: - html|contains: - - input class="boton" type="submit" value="Siguiente" - - - condition: img and css and form and submitButton - -tags: - - kit - - target.microsoft - - target.microsoft_outlook