#FudTool #FudToolRu #PhishingKitAuthor #phishing #phishingki

1. #FudTool #FudToolRu #PhishingKitAuthor #phishing #phishingkit
2.  
3. screenshots
4. https://imgur.com/a/D4hB0mg
5.  
6. May contain text
7. FUDTOOL [.] RU
8. VVINDOWS (Notice is is 2 V's instead of a W)
9. ReZulT
10.  
11. The index.php is generic and offers a choice of signins like Gmail, AOL, Windows, yahoo, etc.
12.  
13. Then many of the extra files are 2 or 3 letter names such as
14. AA1.htm (AOL Phish)
15. AA1.php (AOL Phish)
16. GGC.htm (Gmail Phish)
17. GGC.php (Gmail Phish)
18. LL1.htm (Windows Phish)
19. LL2.php (Windows Phish)
20. OT.htm (Generic Phish)
21. OT.php (Generic Phish)
22. YY.htm (Yahoo Phish)
23. YY1.php (Yahoo Phish)
24.  
25. Each htm referenced www.sitepoint.com to grab MaskedPassword.js
26.  
27. verification.php references Google Captcha
28. e.g.
29. "Anti-spam. Want to say hello? Contact (base64) Ym90Z3VhcmQtY29udGFjdEBnb29nbGUuY29tCg=="
30. which decodes to
31. botguard-contact@google.com
32.  
33.  
34. example 1
35. md5 fd8d58053d947ad17dce49f707f4846a
36. https://www.virustotal.com/#/file/a9d405875eafc65a6159c7e8c6a56bf8afef06ce67ab3e5e5e50e56133a2559d/detection
37. http://seirawa.com/..ll/azn.zip
38.  
39. References
40. https://urlscan.io/result/ea3be793-d63a-4be6-9053-b7e107dbadd7/ ( seirawa.com )