From e26c152600ee493d749ff2c39d75d1e9b9f24e56 Mon Sep 17 00:00:00 2001
From: anAMAncE123 <142008946+anAMAncE123@users.noreply.github.com>
Date: Fri, 11 Aug 2023 05:09:04 -0500
Subject: [PATCH 1/2] Create Elon-YouTube

This is a different phish kit than the existing one. The sites are commonly found on YouTube Live Streams hosted on hijacked channels.
---
 indicators/Elon-YouTube | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 indicators/Elon-YouTube

diff --git a/indicators/Elon-YouTube b/indicators/Elon-YouTube
new file mode 100644
index 00000000..da826042
--- /dev/null
+++ b/indicators/Elon-YouTube
@@ -0,0 +1,37 @@
+title: Fake Elon Musk Crypto Giveaway
+description: |
+ These phishing sites pretend to be Elon Musk-endorsed crypto giveaways, designed to deceive users into sending
+ cryptocurrency or revealing private keys, with false promises of greater returns.
+level: likely_malicious
+
+references:
+ - https://urlscan.io/result/652a9d46-c012-42d1-a148-5bcf45174bf9
+ - https://urlscan.io/result/3cf5b7c4-a5f9-455c-a387-fd73a010aa9f
+ - https://urlscan.io/result/2baed78f-44e1-4d8e-8943-971a470fa7d4
+ - https://urlscan.io/result/e2c67e74-69f7-4ad2-8a25-3ea9a74be45c
+ - https://urlscan.io/result/c91ac187-9eb0-4168-93c6-ddf7e27e9e55
+ - https://urlscan.io/result/9d4307f3-02b2-4cfb-b054-5d0997813c8d
+ - https://urlscan.io/result/fadf8f66-f8c3-4b0f-9c01-211d551c92ff
+ - https://urlscan.io/result/56e131f3-5403-474d-87aa-fefc17fba548
+
+detection:
+ muskCryptoPhrases:
+ html|contains|any:
+ - 'Elon Musk giveaway'
+ - 'biggest crypto giveaway of'
+ - 'the most global event'
+ - 'huge crypto giveaway during the launch'
+ - 'Elon Musk'
+ - 'Tesla'
+ - 'SpaceX'
+ chatDomain:
+ domain|contains:
+ - 'bootstrap.smartsuppchat.com'
+ condition: muskCryptoPhrases or chatDomain
+
+tags:
+ - crypto_scam
+ - impersonation
+ - target.elon_musk
+ - target.tesla
+ - target.spacex
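Review bot: The condition `muskCryptoPhrases or chatDomain` lets either selection fire alone, and both are broad enough to match benign pages. The phrase list includes the bare strings `'Elon Musk'`, `'Tesla'` and `'SpaceX'`, which occur on any news, retail or fan page that mentions them, and `bootstrap.smartsuppchat.com` appears to be a general third-party chat-widget host rather than infrastructure specific to this kit. I would drop the three bare names from `muskCryptoPhrases` so only the giveaway wording remains, and consider `condition: muskCryptoPhrases and chatDomain` if the referenced urlscan results show the kit always loads that widget. The same detection block is carried unchanged into PATCH 2/2.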
From 1d7e61a70df5d5ac2d2e9601d5e42734f46ca93e Mon Sep 17 00:00:00 2001
From: anAMAncE123 <142008946+anAMAncE123@users.noreply.github.com>
Date: Fri, 11 Aug 2023 05:24:44 -0500
Subject: [PATCH 2/2] Update and rename Elon-YouTube to elon-youtube-b4e7a9c2

Corrected to match style guide
---
 indicators/{Elon-YouTube => elon-youtube-b4e7a9c2} | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)
 rename indicators/{Elon-YouTube => elon-youtube-b4e7a9c2} (80%)

diff --git a/indicators/Elon-YouTube b/indicators/elon-youtube-b4e7a9c2
similarity index 80%
rename from indicators/Elon-YouTube
rename to indicators/elon-youtube-b4e7a9c2
index da826042..c0df61e8 100644
--- a/indicators/Elon-YouTube
+++ b/indicators/elon-youtube-b4e7a9c2
@@ -1,19 +1,13 @@
-title: Fake Elon Musk Crypto Giveaway
+title: Elon Musk Crypto Giveaway Phishing Kit b4e7a9c2
 description: |
 These phishing sites pretend to be Elon Musk-endorsed crypto giveaways, designed to deceive users into sending
 cryptocurrency or revealing private keys, with false promises of greater returns.
-level: likely_malicious
-
 references:
 - https://urlscan.io/result/652a9d46-c012-42d1-a148-5bcf45174bf9
 - https://urlscan.io/result/3cf5b7c4-a5f9-455c-a387-fd73a010aa9f
 - https://urlscan.io/result/2baed78f-44e1-4d8e-8943-971a470fa7d4
 - https://urlscan.io/result/e2c67e74-69f7-4ad2-8a25-3ea9a74be45c
 - https://urlscan.io/result/c91ac187-9eb0-4168-93c6-ddf7e27e9e55
- - https://urlscan.io/result/9d4307f3-02b2-4cfb-b054-5d0997813c8d
- - https://urlscan.io/result/fadf8f66-f8c3-4b0f-9c01-211d551c92ff
- - https://urlscan.io/result/56e131f3-5403-474d-87aa-fefc17fba548
-
 detection:
 muskCryptoPhrases:
 html|contains|any:
@@ -28,7 +22,6 @@ detection:
 domain|contains:
 - 'bootstrap.smartsuppchat.com'
 condition: muskCryptoPhrases or chatDomain
-
 tags:
 - crypto_scam
 - impersonation