#SimpleFinish #PhishingKitType #phishing #phishingkit
The Simple Finish kit is basic on all levels. It only contains 3 "code" files
\index.html <== the simple phish page that accepts gmail, aol, yahoo, creds, etc.
\finish.php <== the simple mailer file that emails out the stolen creds
\gen_validatorv4.js <== JavaScript Form Validator Version 4.0, Copyright (C) 2003-2011
[comes from hxxp://www.javascript-coder[.]com]
It also has a folder with images
\ssl\ <== filled with images
One image is mis-spelled (singin e.g. singing) instead of (signin e.g. sign-in)
\ssl\singin.png
CSS (cascading stylesheets) are simple and all embedded directly into the index.html
finish.php is also very simple and could indicate completely custom done or ripped off from another kit
$message .= "************* Fuck All Y'all *************\n";
$message .= "***************SIR KAA$H***************\n";
$message .= "* Success is Loading... because I want it! *\n";
example 1:
md5 0def009024d5f1a61ff74462d060eff5
https://www.virustotal.com/#/file/3e58a8cc336da2a3130d8278aece1ddbf52729b77efc3da1a4c1d2feebb97587/details
hxxps://nygolddiamond[.]com/looiuo/Gdoc.zip
Comments
Post a Comment