Category: Stalkphish

[Phishing kit] M&T Bank – Telegram exfiltration kit, without any Telegram link

One of the latest kits downloaded by StalkPhish targets customers of the online bank M&T. It has a special feature that we wanted to share with you. We still blogged about the use of Telegram by scammers, but this kit present an interesting new trick. First observations As many, the archive of this kit has

Continue reading

[Phishing kit] ‘Moha’ kit, targeting DEWA suppliers

At StalkPhish we like dissecting Phishing kits, first because we create Yara rules for detection, secondly because we must continually keep up to date with new developments in terms of phishing kits, finally because we like to pass on to the general public knowledge about this type of threat. The phishing kit we go to

Continue reading

Several domain names, one protected redirector, one phishing campaign

Sometimes phishing campaigns are not conduced with phishing kits only, actors behind those phishing campaigns can use different tricks to prevent their work being takedown, as using protected web redirectors. A campaign we can see this days use this redirector trick on several domain names. This campaign target DHL customers, impersonating the delivery company. A

Continue reading
No comments

Using Phishing-Kit-Yara-Rules project for phishing kits detection and triage

Since some months now, we maintain specific Yara rules to detect phishing kit sources (.zip files). Phishing kits sources are sometimes left on the host serving phishing pages. Using the StalkPhish project (see we used to collect phishing kits in order to extract e-mails addresses, Telegram channels (see, and so on. In order

Continue reading