Next Step - Phishing Kit Type
#NextStep #PhishingKitType #phishing #phishingkit
@dave_daves documented a Bank of America phishing kit that had multiple "next" and "step" PHP files, plus images with short, sequential names like a1.png, a2.png, a3.png, etc.
folder structure
\images\a1.png
\images\a2.png
\images\...
\images\a5.png
\images\a6.png
\images
\.htaccess
\hostname.php
\login.php
\next1.php
\next2.php
\next3.php
\step2.php
\step3.php
\step4.php
image names are all 1 or 2 letters followed by 1 or 2 digits, which is similar to the #MaxiThrone #phishingkit
the page title in all the HTML portions of the PHP files is HTML-encoded (e.g. <title>Verif)
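A triage check for the file-name traits described above, written for this page as an added example (not code from @dave_daves or from the kit). It flags an archive listing that has numbered next/step PHP pages plus a run of sequential short-named images. The function names, the thresholds and the sample listing are assumptions.

```python
import re
from collections import defaultdict

# Patterns follow the kit description above; the thresholds are assumptions.
FLOW_RE = re.compile(r"(?:^|/)(next|step)(\d+)\.php$", re.I)
IMAGE_RE = re.compile(r"(?:^|/)images/([a-z]{1,2})(\d{1,2})\.(?:png|jpe?g|gif)$", re.I)

# Constructed listing modelled on the folder structure described above.
SAMPLE = [r"\images\a%d.png" % i for i in range(1, 7)] + [
    r"\.htaccess", r"\hostname.php", r"\login.php", r"\next1.php", r"\next2.php",
    r"\next3.php", r"\step2.php", r"\step3.php", r"\step4.php"]


def longest_run(numbers):
    """Length of the longest run of consecutive integers."""
    best = run = 0
    prev = None
    for n in sorted(set(numbers)):
        run = run + 1 if prev is not None and n == prev + 1 else 1
        best = max(best, run)
        prev = n
    return best


def match_next_step_kit(paths, min_flow=2, min_image_run=3):
    """Return (is_match, details) for a list of archive member paths."""
    flow = defaultdict(list)    # "next" / "step" -> page numbers
    images = defaultdict(list)  # image letter prefix -> image numbers
    for raw in paths:
        path = raw.replace("\\", "/")  # accept Windows and zip separators
        m = FLOW_RE.search(path)
        if m:
            flow[m.group(1).lower()].append(int(m.group(2)))
            continue
        m = IMAGE_RE.search(path)
        if m:
            images[m.group(1).lower()].append(int(m.group(2)))
    image_run = max((longest_run(v) for v in images.values()), default=0)
    details = {"next_pages": sorted(flow["next"]),
               "step_pages": sorted(flow["step"]),
               "longest_image_run": image_run}
    is_match = (len(flow["next"]) >= min_flow and len(flow["step"]) >= min_flow
                and image_run >= min_image_run)
    return is_match, details


if __name__ == "__main__":
    print(match_next_step_kit(SAMPLE))
```

Feed it the member names of a collected kit archive (for example from `zipfile.ZipFile(...).namelist()`); a match is a clustering hint for this kit type, not a verdict on its own.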
example 1:
md5 45c35ea930d268c365673acd513a4f8b
https://www.virustotal.com/gui/file/8cdd87fb38b6a035162e0aa88396d342bdc9cffb4ed7ddcf59a2f9e0f2c323e0/detection
hxxp://www.securebankoamerica[.]com/bankofamerica%2004-2019[.]zip
reference
https://twitter.com/dave_daves/status/1133369638421716993