[Advent of IOK: Day 4] Suspicious file names

Phishing sites are created by relatively low skilled threat actors who rely heavily on copying from other phishing kits.

This means you'll often see the same assets (images, scripts, etc.) used across multiple similar phishing kits. We use this to detect a set of Microsoft scams.

This is a companion discussion topic for the original entry at https://phish.report/iok/learn/040-suspcious-filenames

There’s a couple different mp3 files loaded by these sites, but this is the one loaded by all of them: 0wa0rni0ng0.mp3