phishing – StalkPhish – phishing and brand impersonation detection

[Threat intelligence] Using StalkPhish.io with Intel Owl to speed up threat analysis

By StalkPhish on 04/04/202204/07/2022

Using StalkPhish.io analyzer as a threat intelligence feed for IntelOwl to speed up your threat analysis.

Posted in: API, CERT, CSIRT, cti, Cyber Threat Intelligence, Cybersecurity, intelowl, open source, OSINT, phishing, soc, Stalkphish, threat analysis, tool

phishing phishing kit PhishingKit-Yara-Rules Stalkphish tool

[Phishing kit] M&T Bank – Telegram exfiltration kit, without any Telegram link

By StalkPhish on 03/14/202203/15/2022

One of the latest kits downloaded by StalkPhish targets customers of the online bank M&T. It has a special feature that we wanted to share with you. We still blogged about the use of Telegram by scammers, but this kit present an interesting new trick. First observations As many, the archive of this kit has

Posted in: analysis, phishing, phishing kit, Stalkphish, telegram

phishing phishing kit PhishingKit-Yara-Rules Stalkphish

[Phishing kit] ‘Moha’ kit, targeting DEWA suppliers

By StalkPhish on 02/04/202202/04/2022

At StalkPhish we like dissecting Phishing kits, first because we create Yara rules for detection, secondly because we must continually keep up to date with new developments in terms of phishing kits, finally because we like to pass on to the general public knowledge about this type of threat. The phishing kit we go to

Posted in: analysis, dewa, moha, phishing, phishing kit, Stalkphish

PhishingKit-Yara-Rules tool

Using PhishingKit-Yara-Rules with ClamAV

By StalkPhish on 01/25/202201/25/2022

As a reminder, the PhishingKit-Yara-Rules project is a free and open source project which provides several dozen phishing kit detection rules contained in zip archives. You can find these rules on GitHub: https://github.com/t4d/PhishingKit-Yara-Rules We have already covered the creation and use of Phishing Kit Yara rules in a previous post (see: https://stalkphish.com/2021/08/17/using-phishing-kit-yara-rules-project-for-phishing-kits-detection-and-triage/). Specifically, these are

Posted in: phishing, phishing kit, Stalkphish, yara

phishing phishing kit PhishingKit-Yara-Rules Stalkphish tool

Using Phishing-Kit-Yara-Rules project for phishing kits detection and triage

By StalkPhish on 08/17/202108/17/2021

Since some months now, we maintain specific Yara rules to detect phishing kit sources (.zip files). Phishing kits sources are sometimes left on the host serving phishing pages. Using the StalkPhish project (see https://stalkphish.com/products/stalkphish/) we used to collect phishing kits in order to extract e-mails addresses, Telegram channels (see https://stalkphish.com/2020/12/14/how-phishing-kits-use-telegram/), and so on. In order

Posted in: phishing, phishing kit, PhishingKit-Yara-Search, python, Stalkphish, tool, virustotal, yara

phishing phishing kit Stalkphish tool

How-to use StalkPhish.io

By StalkPhish on 06/30/202111/29/2021

StalkPhish.io is a SaaS application which provides enriched data about potential phishing URL or brand impersonation use, with a REST API.

Posted in: Cybersecurity, phishing, phishing kit, Stalkphish

phishing phishing kit

How phishing kits uses Telegram

By StalkPhish on 12/14/202003/29/2021

More and more actors uses Telegram chat groups to exfiltrate harvested data, we’ll show you how we can collect informations about those actors. Let’s have a dive into one of this kits.

Posted in: Cybersecurity, Infosec, phishing, phishing kit, Stalkphish

phishing phishing kit

[Phishing Kit] ‘Israel’ Outlook Web App credentials stealer

By StalkPhish on 12/06/201903/24/2021

An analysis of a phishing kit found with StalkPhish tool. This phishing kit impersonating a professional Outlook login pattern and exfiltrate credentials on an online portal (FormBuddy)… with no success.

Posted in: formbuddy, outlook, perl, phishing

Tag: phishing