#SimpleMail #PhishingKitType #phishing #phishingkit
@ActorExpose came across a Simple Mail phishing kit on 5/26/2019 that contained the DocuSign phishing HTML and PHP mailer code all in one index.php file
folder structure
\index.php <== the entire phish & mailer are in this 1 php file
\mail.php <== contains #threatactoremail
\verification.php <== seems a duplicate of the phish mailer found in index.php
\geoplugin.class.php <== @author gp_support@geoplugin.com, version 1.01
\assets <== contains css, javascript (SpryValidationTextField.js SpryValidationPassword.js both Copyright 2006 Adobe Systems, jquery.ddslick.min.js) , and woff fonts
\css
\images
example 1:
md5 0f7f5e8eeee9f0b954f9718e99936325
https://www.virustotal.com/#/file/a0c449ee40fa35e5c085d412f7c8045ffb39408986115ae7dbc18b4cd5e25dd4/detection
hxxp://locationlanka[.]com
references
https://twitter.com/ActorExpose/status/1132690623855779841
Comments
Post a Comment