Simple LOL - Phishing Kit Type
#SimpleLOL #PhishingKitType #phishing #phishingkit
@ActorExpose documented a phishing kit that was very simple with only 3 files. It says Created by Dhapi (which could've been modified by the buyer) but the headers say "info@LOL.com"
all links to live.com urls, no images or css stored locally
it also has a bunch of "ko" (knockout) javascript comments
folder structure
\index2.php
\info.php
\index.htm
---------------Created By Dhapi------------------------------
$headers = "info@LOL.com";
example 1:
md5 7dbddca657eabd563cdb7f8e60d32b5f
https://www.virustotal.com/gui/file/db9cf078dc1e10ddfaeab67fb09357c475fa7ff25cd38f713f50522d1731df9b/detection
hxxps://lavernesjohnson[.]gq/
reference
https://twitter.com/ActorExpose/status/1133711942479167490
@ActorExpose documented a phishing kit that was very simple with only 3 files. It says Created by Dhapi (which could've been modified by the buyer) but the headers say "info@LOL.com"
all links to live.com urls, no images or css stored locally
it also has a bunch of "ko" (knockout) javascript comments
folder structure
\index2.php
\info.php
\index.htm
---------------Created By Dhapi------------------------------
$headers = "info@LOL.com";
example 1:
md5 7dbddca657eabd563cdb7f8e60d32b5f
https://www.virustotal.com/gui/file/db9cf078dc1e10ddfaeab67fb09357c475fa7ff25cd38f713f50522d1731df9b/detection
hxxps://lavernesjohnson[.]gq/
reference
https://twitter.com/ActorExpose/status/1133711942479167490
Comments
Post a Comment