Sand - Phishing Kit Type
#sand #PhishingKitType #phishing #phishingkit
@JoulioK documented a Chase Bank phish that had a phishing kit with numerous files having the prefix of "sand_". It also had numerous antibot php files and is seen writing to both a file named "vu.txt" and one named "admin.php"
folder structure
\admin.php
\adminpanel.php
\index.php
\.git\
\bot\antibots1.php
\bot\antibots2.php
\bot\antibots3.php
\bot\antibots4.php
\bot\antibots5.php
\bot\antibots6.php
\home\haccess.php
\home\myaccount.php
\home\signin.php
\home\assets\
\home\css\
\home\js\
\home\php\sand_uploads.php
\home\php\ajax_remove_file.php
\home\php\ajax_upload_file.php
\home\style\
\home\system\bincheck.php
\home\system\sand_biling.php
\home\system\sand_carde.php
\home\system\sand_email.php (contains #threatactoremail and writes to \admin.php)
\home\system\sand_login.php
\home\system\sand_login_email.php
\home\system\system.php
\uploads\haccess.php
\index.php writes data to a file named "vu.txt" , makes randomly named directories, and references 6 antibots[x].php
@JoulioK also found a 2nd example very similar
folder structure
\1\
\1\w1\home\home\vu.txt
\1\w1\ome\home\system\sand_access.php
\1\w1\ome\home\system\sand_billing.php
\1\w1\ome\home\system\sand_email.php
\1\w1\ome\home\system\sand_login.php
\1\w1\ome\home\system\sand_uploads.php
\.htaccess
\antibots.php
\blk.php
\blocker.php ( references PremanKeyboard 2003-2016 BambangLicious , Do not rip my code or i will kill your mama !)
\bots.php
\bt.php ( references foreach($BITCHES as $BITCHES){ )
\index.php
\robots.txt
example 1:
securepage.account-verification-required3949392[.]ga
https://github.com/JoulioK/Phishing_Kits/tree/master/securepage.account-verification-required3949392.ga
example 2:
https://github.com/JoulioK/Phishing_Kits/blob/master/ankitsingh.tech/wells%20faro.zip ankitsingh[.]tech
references
https://twitter.com/Jouliok/status/1133106896670461955
@JoulioK documented a Chase Bank phish that had a phishing kit with numerous files having the prefix of "sand_". It also had numerous antibot php files and is seen writing to both a file named "vu.txt" and one named "admin.php"
folder structure
\admin.php
\adminpanel.php
\index.php
\.git\
\bot\antibots1.php
\bot\antibots2.php
\bot\antibots3.php
\bot\antibots4.php
\bot\antibots5.php
\bot\antibots6.php
\home\haccess.php
\home\myaccount.php
\home\signin.php
\home\assets\
\home\css\
\home\js\
\home\php\sand_uploads.php
\home\php\ajax_remove_file.php
\home\php\ajax_upload_file.php
\home\style\
\home\system\bincheck.php
\home\system\sand_biling.php
\home\system\sand_carde.php
\home\system\sand_email.php (contains #threatactoremail and writes to \admin.php)
\home\system\sand_login.php
\home\system\sand_login_email.php
\home\system\system.php
\uploads\haccess.php
\index.php writes data to a file named "vu.txt" , makes randomly named directories, and references 6 antibots[x].php
@JoulioK also found a 2nd example very similar
folder structure
\1\
\1\w1\home\home\vu.txt
\1\w1\ome\home\system\sand_access.php
\1\w1\ome\home\system\sand_billing.php
\1\w1\ome\home\system\sand_email.php
\1\w1\ome\home\system\sand_login.php
\1\w1\ome\home\system\sand_uploads.php
\.htaccess
\antibots.php
\blk.php
\blocker.php ( references PremanKeyboard 2003-2016 BambangLicious , Do not rip my code or i will kill your mama !)
\bots.php
\bt.php ( references foreach($BITCHES as $BITCHES){ )
\index.php
\robots.txt
example 1:
securepage.account-verification-required3949392[.]ga
https://github.com/JoulioK/Phishing_Kits/tree/master/securepage.account-verification-required3949392.ga
example 2:
https://github.com/JoulioK/Phishing_Kits/blob/master/ankitsingh.tech/wells%20faro.zip ankitsingh[.]tech
references
https://twitter.com/Jouliok/status/1133106896670461955
https://twitter.com/Jouliok/status/1133623343893110785
Comments
Post a Comment