#CAZANOVA163 #PhishingKitAuthor #phishing #phishingkit
#threatactoremail
CAZANOVA163-Tools@hotmail.com
CAZANOVA163-Free-Tools@hotmail.com
kit may contain text like
$headers = "From: CAZANOVA163 <CAZANOVA163-Tools@hotmail.com>\r\n";
$headers = "From: CAZANOVA163 <CAZANOVA163-Free-Tools@hotmail.com>\r\n";
<meta name="description" content="xPayPal_2017 v1.1 | Coded By CaZaNoVa163">
$subject = "PRIV8 V2 LOGIN INFO FROM [$country] - $ip - $xUserName";
<meta name="author" content="CaZaNoVa163">
folder structure may look like
\index.php
\home\vbv.php
\home\suspecisious.php
\home\inc\login.php
\home\inc\cc.php
\home\inc\id.php
\home\inc\bnk.php
\home\inc\vbv.php
NOTE: the 'home' folder may be renamed to many other things like 'V2' etc
They may be in folders like PRIVE8, PRIVE9 as versions change
config.php contains the #threatactoremail
Cazanova163 creates at least 2 types of phishing kits
#Priv8 ( https://phishingkittracker.blogspot.com/2019/05/priv8-phishing-kit-type.html )
#Priv9 ( https://phishingkittracker.blogspot.com/2019/05/priv9-phishing-kit-type.html )
this could potentially be related as the kit matches and was uploaded 3 years ago here
https://github.com/lestravo/lestravo ( uploaded back in 2016 , Muhamad Septian, little trouble can make destroy a system, mseptian[.]id)
example 1
md5 a357bcfb2779420c95b5a4a2700ab30a
https://www.virustotal.com/#/file/5e7c567e561a59f93db854ac91cd7f933fa1dac2622e9a05906964c9e03935fb/details
example 2
md5 63f73f4bc9fc243cb919708286c700d8
https://www.virustotal.com/#/file/06be80d28dd6a0cf906b0e7a24054dce23f0a62c982a1eacb83ffbe7073f8dba/details
example 3
md5 3d1984a6d9f952bb7ac495e5d55dd242
https://www.virustotal.com/#/file/5e4340262b6c4b4075b6cca0ffd008959e57a905a915a335185fdb3d677d191b/detection
http://paypa1.com.db.xzmail.ml/paypalv2.zip
Comments
Post a Comment