{
  "name": "Technical Analysis of the BlackForce Phishing Kit",
  "slug": "technical-analysis-of-the-blackforce-phishing-kit",
  "description": "The BlackForce phishing kit, first observed in August 2025, has evolved through multiple versions and is capable of stealing credentials and performing Man-in-the-Browser (MitB) attacks to bypass multi-factor authentication. It impersonates various brands and uses sophisticated evasion techniques, including a blocklist that filters out security vendors and web crawlers. The kit features a dual-channel communication architecture that separates the phishing server from a Telegram drop that receives the stolen data. Its attack chain includes user validation, credential capture, and real-time alerts to attackers. BlackForce employs anti-analysis filters, stateful attack models, and a command-and-control panel for managing phishing sessions. The rapid versioning indicates active development and adaptation to improve resilience and evade detection.",
  "published": "2025-12-12T07:45:06+00:00",
  "created_at": "2025-12-12T07:45:06+00:00",
  "modified_at": "2025-12-21T18:01:14+00:00",
  "created_at_opencti": "2025-12-12T07:45:06+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2025-12-12",
    "blackforce",
    "credential-theft",
    "evasion techniques",
    "mfa bypass",
    "mitb",
    "phishing",
    "telegram"
  ],
  "related_entities": {
    "malware": [
      {
        "id": "legacy:malware:8a1471f77250e287",
        "name": "BlackForce",
        "slug": "blackforce"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "obnovintfx.help"
      },
      {
        "id": "",
        "name": "myflx-sub.com"
      },
      {
        "id": "",
        "name": "renew-netfix.com"
      },
      {
        "id": "",
        "name": "cuenta-renueva.com"
      },
      {
        "id": "",
        "name": "netfliix-uae.com"
      },
      {
        "id": "",
        "name": "supportnetfiixsavza.com"
      },
      {
        "id": "",
        "name": "fixmy-nflix.info"
      },
      {
        "id": "",
        "name": "connectrenew-gateway.com"
      },
      {
        "id": "",
        "name": "cuenta-renovacion-es.com"
      },
      {
        "id": "",
        "name": "netfx-actualizar.com"
      },
      {
        "id": "",
        "name": "faq-help-center.com"
      },
      {
        "id": "",
        "name": "centro-de-ayuda-help.com"
      },
      {
        "id": "",
        "name": "telenet-flix.com"
      }
    ]
  },
  "external_refs": [
    "https://otx.alienvault.com/pulse/693bd6126b0e51b63c7cd87f",
    "https://www.zscaler.com/blogs/security-research/technical-analysis-blackforce-phishing-kit"
  ]
}