PRIV8 - Phishing Kit Type

#PRIV8 #PhishingKitType #CAZANOVA163 #phishing #phishingkit
The Priv8 phishing kit is made by CAZANOVA163 ( https://phishingkittracker.blogspot.com/2019/05/cazanova163.html )
The file names login.php, id.php, cc.php, bnk.php and vbv.php indicate the author, as do these strings in the code:
$subject = "PRIV8 V2 LOGIN INFO FROM [$country] -  $ip - $xUserName";
$headers = "From: CAZANOVA163 <CAZANOVA163-Free-Tools@hotmail.com>\r\n";

The folder structure may look like:
\index.php
\home\vbv.php
\home\suspecisious.php
\home\inc\login.php
\home\inc\cc.php
\home\inc\id.php
\home\inc\bnk.php
\home\inc\vbv.php

NOTE: the 'home' folder may be renamed to many other things, such as 'V2'.
The kit may sit in folders like PRIVE8 or PRIVE9 as versions change.
config.php contains the #threatactoremail


suspecious.php is spelled wrong (notice the e instead of i)

stolen data saved to
../../result/Re3sult.txt

webcam image capture on identity.php (confirm your identity)
\home\img\webcam.min.js  ( http://github.com/jhuckaby/webcamjs - Webcam Image Capture )


redirect to paypal.com
\home\img\thanks.js
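
An added example, not part of the original post or of the kit: a Python check that matches an unpacked archive's file listing and contents against the indicators noted above, ignoring the name of the renamed top folder. The function names, hit labels and the threshold of 3 are assumptions made for this example, and the sample listing is constructed.

```python
import posixpath
from collections import defaultdict

# Indicators taken from the notes above.
INC_FILES = {"login.php", "cc.php", "id.php", "bnk.php", "vbv.php"}
MISSPELLED = {"suspecisious.php", "suspecious.php"}  # both spellings appear in the notes
IMG_FILES = {"webcam.min.js", "thanks.js"}
STRINGS = ("PRIV8 V2 LOGIN INFO FROM", "CAZANOVA163", "Re3sult.txt")

def match_priv8(files):
    """files: dict of archive path -> text content. Returns sorted hit labels."""
    hits = set()
    by_dir = defaultdict(set)
    for path in files:
        norm = path.replace("\\", "/").strip("/").lower()
        by_dir[posixpath.dirname(norm)].add(posixpath.basename(norm))
    for d, names in by_dir.items():
        # The top folder ('home', 'V2', ...) is renamed freely, so only the
        # trailing 'inc' / 'img' component and the file names are compared.
        leaf = posixpath.basename(d)
        if leaf == "inc" and INC_FILES <= names:
            hits.add("inc-file-set")
            if "vbv.php" in by_dir.get(posixpath.dirname(d), ()):
                hits.add("vbv-in-parent")
        if leaf == "img" and IMG_FILES <= names:
            hits.add("img-scripts")
        if names & MISSPELLED:
            hits.add("misspelled-page")
    for marker in STRINGS:
        if any(marker in text for text in files.values()):
            hits.add("string:" + marker)
    return sorted(hits)

def is_priv8(files, threshold=3):
    # threshold is an arbitrary choice for this example, not a tuned value
    return len(match_priv8(files)) >= threshold

# Constructed sample listing (not a real archive), with 'home' renamed to 'V2'.
SAMPLE = {"index.php": "", "V2\\vbv.php": "", "V2\\suspecious.php": "",
          "V2\\img\\webcam.min.js": "", "V2\\img\\thanks.js": "",
          **{"V2\\inc\\" + name: "" for name in INC_FILES}}
SAMPLE["V2\\inc\\login.php"] = '$subject = "PRIV8 V2 LOGIN INFO FROM [$country]";'

if __name__ == "__main__":
    print(match_priv8(SAMPLE), is_priv8(SAMPLE))
```

File names such as login.php and cc.php are common on their own, so a single hit is weak evidence; the combination of the full inc set, the misspelled page and the subject string is what separates this kit from ordinary sites.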

example 1
md5 a357bcfb2779420c95b5a4a2700ab30a
https://www.virustotal.com/#/file/5e7c567e561a59f93db854ac91cd7f933fa1dac2622e9a05906964c9e03935fb/details

example 2
md5 3d1984a6d9f952bb7ac495e5d55dd242
https://www.virustotal.com/#/file/5e4340262b6c4b4075b6cca0ffd008959e57a905a915a335185fdb3d677d191b/detection
http://paypa1.com.db.xzmail.ml/paypalv2.zip
