{"id":43567,"date":"2021-10-22T18:22:54","date_gmt":"2021-10-22T18:22:54","guid":{"rendered":"https:\/\/www.darkreading.com\/threat-intelligence\/phishing-kit-todayzoo-cobbled-together-from-other-malware"},"modified":"2021-10-22T18:22:54","modified_gmt":"2021-10-22T18:22:54","slug":"todayzoo-phishing-kit-cobbled-together-from-other-malware","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/todayzoo-phishing-kit-cobbled-together-from-other-malware\/","title":{"rendered":"&#8216;TodayZoo&#8217; Phishing Kit Cobbled Together From Other Malware"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt4b5727ec6caa37c0\/6173020aeb071a650e01e02d\/Fig10-related-phish-kits-TodayZoo.png\" class=\"ff-og-image-inserted\"><\/div>\n<p>A phishing operation has cut and pasted components of at least five other phishing kits to create its own attack platform,&nbsp;sending out password-reset and fax-and-scanner notifications in significant campaigns earlier this year, according to researchers with the Microsoft 365 Defender Threat Intelligence Team.<\/p>\n<p>The TodayZoo kit, as Microsoft dubbed the framework, appears to extensively use code from another kit, known as DanceVida, while other components significantly match the code from at least five other phishing kits. Microsoft first discovered the phishing kit in December 2020, but a series of major campaigns in March and June 2021 attempted to steal credentials from Microsoft users, leading the company&#8217;s threat intelligence team to analyze the kit.<\/p>\n<p>Calling the cybercriminal tool a &#8220;Franken-phish&#8221; because of its use of parts from other phishing kits, the kit seems to bring together different components of other phishing tools rather than use a phishing-as-a-service offering, says Tanmay Ganacharya, partner director for security research at Microsoft Defender.<\/p>\n<p>&#8220;Ultimately, phishing kits \u2014 similar to malware \u2014 are increasingly modular and sometimes defy clean family attribution as a result,&#8221; he says. &#8220;Other kits that are similar and have shared code are also well-protected at this time, but we see new kits and phish pages daily that defy standard naming as they morph so quickly.&#8221;<\/p>\n<p>Phishing continues to be an extremely popular way of harvesting sensitive information and legitimate credentials from unwary users. Successful attacks are less likely to come through an e-mail client and more likely to target mobile users, according to a report released this week by Jamf, a provider of enterprise management tools for Apple computers and devices. Around 10% of users on mobile devices have clicked on a phishing link in the past year, an increase of 160% over the past 12 months, the company <a href=\"https:\/\/www.jamf.com\/resources\/white-papers\/phishing-trends-report-2021\/\" target=\"_blank\" rel=\"noopener\">states in its &#8220;Phishing Trends Report 2021.&#8221;<\/a>&nbsp;<\/p>\n<p>The most popular brands targeted by phishing attacks in 2021 included Apple, PayPal, Amazon, and Microsoft, the report states. <\/p>\n<p>&#8220;Phishing attack delivery has evolved far beyond poorly-worded emails offering &#8216;unclaimed lottery winnings,'&#8221; the&nbsp;Jamf&nbsp;report states. &#8220;They are not only more personalized and more convincing, they are reaching users in more places than ever before and increasingly going beyond consumers to target business credentials and data.&#8221;<\/p>\n<p><strong>Phishing Kits Up Close<br \/><\/strong>Phishing kits typically have three major components: an imitation capability that creates login pages that match closely to a targeted brand; a set of features that obfuscate the malicious code in the pages, which also includes anti-analysis features; and code that harvests credentials, or other sensitive information, from the user and sends it back to the attacker. <\/p>\n<p>In its analysis, Microsoft found TodayZoo and DanceVida had about a 30% to 35% overlap between the code included in the two kits. The two codebases diverged significantly in how they handled credential harvesting. <\/p>\n<p>&#8220;[B]ecause of the consistency in the redirection patterns, domains, and other techniques, tactics, and procedures (TTPs) of its related campaigns, we believe that the actors behind it came across an old phishing kit template and replaced the credential harvesting part with its own exfiltration logic to make TodayZoo solely for their nefarious purposes,&#8221; <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2021\/10\/21\/franken-phish-todayzoo-built-from-other-phishing-kits\/\" target=\"_blank\" rel=\"noopener\">according to the Microsoft researchers<\/a>.<\/p>\n<p>The TodayZoo campaigns all used the same four-step attack, sending e-mail to targeted users who then would be redirected to an initial page. Then victims&#8217; browsers were redirected&nbsp;to a second page, which then sent the victim to a final landing page hosted by \u2014 in almost every case \u2014 service provider Digital Ocean.<\/p>\n<p>&#8220;[T]his research further proves that most phishing kits observed or available today are based on a smaller cluster of larger kit &#8216;families,'&#8221; the Microsoft analysis states. &#8220;While this trend has been observed previously, it continues to be the norm, given how phishing kits we\u2019ve seen share large amounts of code among themselves.&#8221;<\/p>\n<p>The code for TodayZoo, and the scripts used to create its pages, had a large number of artifacts left over from the original source of the code, according to Microsoft. Such dead links and callbacks to other kits may indicate that many phishing kit distributors and phishing operators are quickly grabbing pieces of code from available sources to build their tools, Microsoft says.<\/p>\n<p>&#8220;We will likely see more cobbled-kits in the future, as well as more effective kits in general as some of the more generic [and] obvious ones fall out of use in favor of more evasive kits that bypass sandbox evasion, incorporate CAPTCHAs, encode source, or use separate programming languages or resource types,&#8221; says Phillip Misner, principal security group manager at Microsoft. <\/p>\n<p>Misner warned that credential phishing will continue to be a danger to businesses, especially if companies do not adequately filter out suspicious e-mail messages and senders. Businesses should consider adopting multifactor authentication and harden the configurations for their mail servers to make phishing attacks more difficult, he says.<\/p>\n<p>Read More <a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/phishing-kit-todayzoo-cobbled-together-from-other-malware\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft&#8217;s analysis of a recent phishing attack shows how cybercriminals are mixing and matching to efficiently develop their attack frameworks.Read More <a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/phishing-kit-todayzoo-cobbled-together-from-other-malware\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-43567","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>&#039;TodayZoo&#039; Phishing Kit Cobbled Together From Other Malware 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/todayzoo-phishing-kit-cobbled-together-from-other-malware\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"&#039;TodayZoo&#039; Phishing Kit Cobbled Together From Other Malware 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/todayzoo-phishing-kit-cobbled-together-from-other-malware\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-10-22T18:22:54+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt4b5727ec6caa37c0\/6173020aeb071a650e01e02d\/Fig10-related-phish-kits-TodayZoo.png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/todayzoo-phishing-kit-cobbled-together-from-other-malware\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/todayzoo-phishing-kit-cobbled-together-from-other-malware\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"&#8216;TodayZoo&#8217; Phishing Kit Cobbled Together From Other Malware\",\"datePublished\":\"2021-10-22T18:22:54+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/todayzoo-phishing-kit-cobbled-together-from-other-malware\\\/\"},\"wordCount\":808,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/todayzoo-phishing-kit-cobbled-together-from-other-malware\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt4b5727ec6caa37c0\\\/6173020aeb071a650e01e02d\\\/Fig10-related-phish-kits-TodayZoo.png\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/todayzoo-phishing-kit-cobbled-together-from-other-malware\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/todayzoo-phishing-kit-cobbled-together-from-other-malware\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/todayzoo-phishing-kit-cobbled-together-from-other-malware\\\/\",\"name\":\"'TodayZoo' Phishing Kit Cobbled Together From Other Malware 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/todayzoo-phishing-kit-cobbled-together-from-other-malware\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/todayzoo-phishing-kit-cobbled-together-from-other-malware\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt4b5727ec6caa37c0\\\/6173020aeb071a650e01e02d\\\/Fig10-related-phish-kits-TodayZoo.png\",\"datePublished\":\"2021-10-22T18:22:54+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/todayzoo-phishing-kit-cobbled-together-from-other-malware\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/todayzoo-phishing-kit-cobbled-together-from-other-malware\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/todayzoo-phishing-kit-cobbled-together-from-other-malware\\\/#primaryimage\",\"url\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt4b5727ec6caa37c0\\\/6173020aeb071a650e01e02d\\\/Fig10-related-phish-kits-TodayZoo.png\",\"contentUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt4b5727ec6caa37c0\\\/6173020aeb071a650e01e02d\\\/Fig10-related-phish-kits-TodayZoo.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/todayzoo-phishing-kit-cobbled-together-from-other-malware\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"&#8216;TodayZoo&#8217; Phishing Kit Cobbled Together From Other Malware\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"'TodayZoo' Phishing Kit Cobbled Together From Other Malware 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/todayzoo-phishing-kit-cobbled-together-from-other-malware\/","og_locale":"en_US","og_type":"article","og_title":"'TodayZoo' Phishing Kit Cobbled Together From Other Malware 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/todayzoo-phishing-kit-cobbled-together-from-other-malware\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-10-22T18:22:54+00:00","og_image":[{"url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt4b5727ec6caa37c0\/6173020aeb071a650e01e02d\/Fig10-related-phish-kits-TodayZoo.png","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/todayzoo-phishing-kit-cobbled-together-from-other-malware\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/todayzoo-phishing-kit-cobbled-together-from-other-malware\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"&#8216;TodayZoo&#8217; Phishing Kit Cobbled Together From Other Malware","datePublished":"2021-10-22T18:22:54+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/todayzoo-phishing-kit-cobbled-together-from-other-malware\/"},"wordCount":808,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/todayzoo-phishing-kit-cobbled-together-from-other-malware\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt4b5727ec6caa37c0\/6173020aeb071a650e01e02d\/Fig10-related-phish-kits-TodayZoo.png","articleSection":["DarkReading |TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/todayzoo-phishing-kit-cobbled-together-from-other-malware\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/todayzoo-phishing-kit-cobbled-together-from-other-malware\/","url":"https:\/\/www.threatshub.org\/blog\/todayzoo-phishing-kit-cobbled-together-from-other-malware\/","name":"'TodayZoo' Phishing Kit Cobbled Together From Other Malware 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/todayzoo-phishing-kit-cobbled-together-from-other-malware\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/todayzoo-phishing-kit-cobbled-together-from-other-malware\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt4b5727ec6caa37c0\/6173020aeb071a650e01e02d\/Fig10-related-phish-kits-TodayZoo.png","datePublished":"2021-10-22T18:22:54+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/todayzoo-phishing-kit-cobbled-together-from-other-malware\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/todayzoo-phishing-kit-cobbled-together-from-other-malware\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/todayzoo-phishing-kit-cobbled-together-from-other-malware\/#primaryimage","url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt4b5727ec6caa37c0\/6173020aeb071a650e01e02d\/Fig10-related-phish-kits-TodayZoo.png","contentUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt4b5727ec6caa37c0\/6173020aeb071a650e01e02d\/Fig10-related-phish-kits-TodayZoo.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/todayzoo-phishing-kit-cobbled-together-from-other-malware\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"&#8216;TodayZoo&#8217; Phishing Kit Cobbled Together From Other Malware"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/43567","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=43567"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/43567\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=43567"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=43567"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=43567"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}