diff --git a/indicators/anz-bank-cd6ec9e7.yml b/indicators/anz-bank-cd6ec9e7.yml
new file mode 100644
index 00000000..41e8f1a6
--- /dev/null
+++ b/indicators/anz-bank-cd6ec9e7.yml
@@ -0,0 +1,38 @@
+title: ANZ Bank Phishing Kit cd6ec9e7
+description: |
+    This kit seems to define a few configuration
+    values within the page's javascript, possibly
+    to communicate with the backend which user 
+    of the phishing service owns the phishing page.
+
+references:
+  - https://urlscan.io/result/cd6ec9e7-b588-469b-986c-1e2b84d3e9b4
+  - https://urlscan.io/result/45395d64-b370-4fee-94ae-964fe92965b4
+  - https://urlscan.io/result/895d7b3b-6bf7-4f42-b36c-150c14867728
+    
+detection:
+
+    pageTitle:
+        title: "Login - ANZ Internet Banking"
+
+    kitConfiguration:
+        js|contains|all:
+            - "var urlroot"
+            - "var uniqueid"
+    
+    kitAssets:
+        dom|contains|all:
+            - "//js/option.js"
+            - "//js/browser.js"
+            - "//panel/img/logo.PNG"
+            - "//panel/img/img-01.PNG"
+            - "//panel/img/anz-logo.1.0.0.svg"
+            
+
+    condition: pageTitle and kitConfiguration and kitAssets
+
+tags:
+  - kit
+  - target.anz_bank
+  - target_country.new_zealand
+