Category: PhishingKit-Yara-Rules

CERT CSIRT cti hunting OSINT phishing phishing kit PhishingKit-Yara-Rules soc StalkPhish.io threat analysis threat intelligence

[Use case] Hunting for phishing pages

By StalkPhish

Fight phishing (aka “Phight”) is not an easy task, you need to detect a campaign before starting to dismantle it. You can compare that to a race: the faster you detect a campaign, the faster you can start to takedown it! We created StalkPhish with this idea in mind, to be fast and accurate. Fast

Continue reading
Posted in: , , , ,
No comments
phishing phishing kit PhishingKit-Yara-Rules StalkPhish.io threat analysis

[Phishing kit] LinkedIn phishing kit targeting Chinese users – an analysis

By StalkPhish on

At StalkPhish we like dissecting Phishing kits, first because we create Yara rules for detection, secondly because we must continually keep up to date with new developments in terms of phishing kits, finally because we like to pass on to the general public knowledge about this type of threat. This post was previously published on

Continue reading
Posted in: , , , ,
No comments
phishing phishing kit PhishingKit-Yara-Rules Stalkphish tool

[Phishing kit] M&T Bank – Telegram exfiltration kit, without any Telegram link

By StalkPhish on

One of the latest kits downloaded by StalkPhish targets customers of the online bank M&T. It has a special feature that we wanted to share with you. We still blogged about the use of Telegram by scammers, but this kit present an interesting new trick. First observations As many, the archive of this kit has

Continue reading
Posted in: , , , ,
No comments
phishing phishing kit PhishingKit-Yara-Rules Stalkphish

[Phishing kit] ‘Moha’ kit, targeting DEWA suppliers

By StalkPhish on

At StalkPhish we like dissecting Phishing kits, first because we create Yara rules for detection, secondly because we must continually keep up to date with new developments in terms of phishing kits, finally because we like to pass on to the general public knowledge about this type of threat. The phishing kit we go to

Continue reading
Posted in: , , , , ,
No comments
PhishingKit-Yara-Rules tool

Using PhishingKit-Yara-Rules with ClamAV

By StalkPhish on

As a reminder, the PhishingKit-Yara-Rules project is a free and open source project which provides several dozen phishing kit detection rules contained in zip archives. You can find these rules on GitHub: https://github.com/t4d/PhishingKit-Yara-Rules We have already covered the creation and use of Phishing Kit Yara rules in a previous post (see: https://stalkphish.com/2021/08/17/using-phishing-kit-yara-rules-project-for-phishing-kits-detection-and-triage/). Specifically, these are

Continue reading
Posted in: , , ,
No comments
phishing phishing kit PhishingKit-Yara-Rules Stalkphish tool

Using Phishing-Kit-Yara-Rules project for phishing kits detection and triage

By StalkPhish on

Since some months now, we maintain specific Yara rules to detect phishing kit sources (.zip files). Phishing kits sources are sometimes left on the host serving phishing pages. Using the StalkPhish project (see https://stalkphish.com/products/stalkphish/) we used to collect phishing kits in order to extract e-mails addresses, Telegram channels (see https://stalkphish.com/2020/12/14/how-phishing-kits-use-telegram/), and so on. In order

Continue reading
Posted in: , , , , , , ,
No comments