Create indicator: Microsoft Outlook 142e470f (#112)

* Create microsoft-outlook-ahof57.yml * Update microsoft-outlook-ahof57.yml * Update and rename microsoft-outlook-ahof57.yml to microsoft-outlook-142e470f.yml --------- Co-authored-by: actually-akac <[email protected]> Co-authored-by: IlluminatiFish <[email protected]>
phish-report · Jul 14, 2024 · ed61f2c · ed61f2c
1 parent 1373aed
commit ed61f2c
Showing 1 changed file with 27 additions and 0 deletions.
diff --git a/indicators/microsoft-outlook-142e470f.yml b/indicators/microsoft-outlook-142e470f.yml
@@ -0,0 +1,27 @@
+title: Microsoft Outlook Phishing Kit 142e470f
+description: |
+    Detects a phishing kit targeting Microsoft Outlook. Users are being tricked into entering their Microsoft credentials into a fake form. This kit targets Spanish speaking users.
+    Found as a result of this kit being deployed on Replit.
+references:
+    - https://urlscan.io/result/142e470f-9579-4190-a4a0-9cae5f61df9f/
+    - https://urlscan.io/result/2e3b1290-d3d0-4cb1-ae45-8b7c3b5a5023/
+
+detection:
+
+    htmlContent:
+      html|contains|all:
+        - '<input id="clave"'
+        - '<div style="position:relative; top:0; margin-right:auto;margin-left:auto; z-index:99999">'
+
+    assets:
+      requests|contains|all:
+        - 'imagen.jpg'
+        - 'forma.css'
+
+
+    condition: assets and htmlContent
+
+tags:
+  - kit
+  - target.microsoft
+  - target.microsoft_outlook