Kaka - Phishing Kit Author

#Kaka #PhishingKitAuthor #phishing #phishingkit

@JoulioK documented a PayPal phishing kit that had lots going on, and it referenced "vu.txt" just like the #Sand phishing kit did. This one, though, indicated that KAKA made it. There were also several all-caps PHP file names such as BANK.php, INFOS.php, LOGIN.php and VBV.php, as well as several PHP files whose names start with "websc-".

VBV.php has the text
   Private Scam Page*********KAKA
   Paypal Scam
   KAKA / KAKA / KAKA / KAKA /
   ZIZOU / ZIZOU / ZIZOU  / ZIZOU /
   ==========[BY KAKA ]=========

LOGIN.php says
   ==========[BY RAD!TN]=========
 
Both files say
   $headers = "From: karamzaza||Vbv|| <ruzltathernew@gmail.com>";


 
Folder structure

\secure\mpp\update\banking\
\secure\mpp\update\billing\
\secure\mpp\update\bin\form_card.php
\secure\mpp\update\bin\form_success.php
\secure\mpp\update\bin\header_card.php
\secure\mpp\update\bin\header_finish.php
\secure\mpp\update\bin\div1.php
\secure\mpp\update\bin\div2.php
\secure\mpp\update\bin\div3.php
\secure\mpp\update\bin\div4.php
\secure\mpp\update\bin\div5.php
\secure\mpp\update\bin\div6.php
\secure\mpp\update\css\
\secure\mpp\update\img\
\secure\mpp\update\index\
\secure\mpp\update\js\
\secure\mpp\update\BANK.php
\secure\mpp\update\INFOS.php
\secure\mpp\update\LOGIN.php
\secure\mpp\update\VBV.php
\secure\mpp\update\websc-bank.php
\secure\mpp\update\websc-billing.php
\secure\mpp\update\websc-carding.php
\secure\mpp\update\websc-processing.php
\secure\mpp\update\websc-success.php
\.htaccess
\htaccess
\index.php (references "vu.txt")
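
The indicators above (all-caps PHP names, "websc-" files, the "[BY ...]" banner and the "vu.txt" reference in index.php) can be checked against an extracted archive during triage. The following is an added example, not code from the kit or from @JoulioK's repository; the function names, the match thresholds and the sample tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Indicators taken from the kit description above.
CAPS_FILES = {"BANK.php", "INFOS.php", "LOGIN.php", "VBV.php"}
WEBSC_RE = re.compile(r"^websc-[\w-]+\.php$")
BANNER_RE = re.compile(rb"=+\[BY\s+([^\]]+?)\s*\]=+")  # ==========[BY KAKA ]=========
VU_RE = re.compile(rb"vu\.txt")

def scan_kit(root):
    """Map each indicator to the relative paths (or banner names) that matched."""
    root = Path(root)
    hits = {"caps_php": [], "websc_php": [], "banner_names": set(), "vu_txt_ref": []}
    for path in sorted(root.rglob("*.php")):
        rel = path.relative_to(root).as_posix()
        data = path.read_bytes()[:1_000_000]  # cap the read; kit pages are small
        if path.name in CAPS_FILES:
            hits["caps_php"].append(rel)
        if WEBSC_RE.match(path.name):
            hits["websc_php"].append(rel)
        hits["banner_names"].update(m.decode("latin-1") for m in BANNER_RE.findall(data))
        if path.name == "index.php" and VU_RE.search(data):
            hits["vu_txt_ref"].append(rel)
    return hits

def matches_profile(hits, min_caps=3, min_websc=3):
    """Heuristic threshold (an assumption): naming pattern plus one content marker."""
    names_ok = len(hits["caps_php"]) >= min_caps and len(hits["websc_php"]) >= min_websc
    return names_ok and bool(hits["banner_names"] or hits["vu_txt_ref"])

def build_constructed_sample(root):
    """Write a constructed, inert file tree that mimics the layout listed above."""
    base = Path(root) / "secure" / "mpp" / "update"
    base.mkdir(parents=True)
    (base / "VBV.php").write_text("<?php /* ==========[BY KAKA ]========= */ ?>")
    (base / "LOGIN.php").write_text("<?php /* ==========[BY RAD!TN]========= */ ?>")
    (base / "BANK.php").write_text("<?php ?>")
    for name in ("bank", "billing", "carding", "processing", "success"):
        (base / f"websc-{name}.php").write_text("<?php ?>")
    (Path(root) / "index.php").write_text('<?php /* placeholder mentioning "vu.txt" */ ?>')

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        result = scan_kit(tmp)
        print(result, matches_profile(result))
```

Recording the banner names rather than only a yes/no match keeps the KAKA and RAD!TN strings available for comparison with other kits.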

Example 1:
https://github.com/JoulioK/Phishing_Kits/tree/master/www-secure-login-need-now-update-your-account.ckc.net.nz


Reference
https://twitter.com/Jouliok/status/1133399049481195520
