Okta is a Single Sign-On (SSO) provider used by many enterprises and this phishing kit targets those enterprises. It aims to steal the victim's email address, SSO password, and MFA details.

To decrease the victim's suspicion this kit (like many) includes details specific to the targeted company e.g. However, unlike similar kits, this is hardcoded per instance of the phishing site and isn't dynamic based on the victim's email.

From analysing the code it appears this kit is set up to:

* Push the download of a (trojanized?) remote desktop tool `AnyDesk.exe`

The same frontend code (HTML, CSS, and JS) is deployed regardless of the company being targeted, but the company name and logo are provided by the C2 server.

So far, the earliest observed appearance of this campaign was on July 1st (()). This is a slightly earlier version of the phishing kit (referencing slightly different JS files) and was last seen on July 13th. The more recent version of the kit (using the JS filenames referenced in this rule) was first observed on ().