From 21265126d287cdf32ea10646ae59323c8562f35f Mon Sep 17 00:00:00 2001
From: Lightning <154468000+LightningDev23@users.noreply.github.com>
Date: Tue, 2 Jul 2024 10:42:59 -0400
Subject: [PATCH 1/3] =?UTF-8?q?=F0=9F=9A=80=20Create=20sledgehammer-bookma?= =?UTF-8?q?rk-scam-kit.yml?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Detects a phishing kit that impersonates a Discord bot called Sledgehammer. These sites have a bookmark scam that steals Discord accounts.
---
 indicators/sledgehammer-bookmark-scam-kit.yml | 24 +++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 indicators/sledgehammer-bookmark-scam-kit.yml
diff --git a/indicators/sledgehammer-bookmark-scam-kit.yml b/indicators/sledgehammer-bookmark-scam-kit.yml
new file mode 100644
index 00000000..4bedae82
--- /dev/null
+++ b/indicators/sledgehammer-bookmark-scam-kit.yml
@@ -0,0 +1,24 @@
+title: Sledgehammer Bookmark Scam Kit
+description: |
+ Detects a phishing kit that impersonates a Discord bot called Sledgehammer. These sites have a bookmark scam that steals Discord accounts.
+
+references:
+ - https://urlscan.io/result/fda3fbfe-673b-4ce4-baff-086cc29f43ed/
+ - https://urlscan.io/result/001f4298-d4a8-475a-bf88-2caa820d2376/
+ - https://urlscan.io/search/#page.url%3A%22%2Fverify%2Fguild%2F%22
+ - https://urlscan.io/search/#page.title%3A%22Sledgehammer%20-%20Homepage%22
+
+detection:
+
+ pageTitle:
+ title: "Sledgehammer - Homepage"
+
+ pageHTML:
+ html|contains|all:
+ - "Drag Me (Verify)"
+
+ condition: pageTitle and pageHTML
+
+tags:
+ - kit
+ - target.discord
From e4aea2afd07be2d77ea7b389b3d9cbc88e4ab782 Mon Sep 17 00:00:00 2001
From: Lightning <154468000+LightningDev23@users.noreply.github.com>
Date: Thu, 23 Oct 2025 16:14:51 -0400
Subject: [PATCH 2/3] Update sledgehammer-bookmark-scam-kit.yml
---
 indicators/sledgehammer-bookmark-scam-kit.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
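Review bot: The detection block in [PATCH 1/3] rests entirely on two pieces of visible text, the exact title `Sledgehammer - Homepage` and the single label `Drag Me (Verify)`, and a kit operator can reword both without touching the scam logic. The references already point at a `/verify/guild/` URL pattern that the detection does not use; if the rule format can match on that path, or on the markup of the draggable bookmark link itself, a selector on it would survive cosmetic relabelling. With only one entry in the list, the `|all` modifier on `html|contains|all` has no effect and plain `html|contains` reads more honestly. A short comment above the string, for example `# visible label of the drag-to-bookmark link (presumed; confirm against the urlscan samples)`, would tell the next maintainer why this text was chosen.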
diff --git a/indicators/sledgehammer-bookmark-scam-kit.yml b/indicators/sledgehammer-bookmark-scam-kit.yml
index 4bedae82..031e47b6 100644
--- a/indicators/sledgehammer-bookmark-scam-kit.yml
+++ b/indicators/sledgehammer-bookmark-scam-kit.yml
@@ -15,7 +15,7 @@ detection:
 pageHTML:
 html|contains|all:
- - "Drag Me (Verify)"
+ - "Community Verification)"
 condition: pageTitle and pageHTML
From 1fcda887f545c020bb8083ab1816639fad44b12c Mon Sep 17 00:00:00 2001
From: Lightning <154468000+LightningDev23@users.noreply.github.com>
Date: Thu, 23 Oct 2025 16:15:55 -0400
Subject: [PATCH 3/3] Update sledgehammer-bookmark-scam-kit.yml
---
 indicators/sledgehammer-bookmark-scam-kit.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/indicators/sledgehammer-bookmark-scam-kit.yml b/indicators/sledgehammer-bookmark-scam-kit.yml
index 031e47b6..ac0a0947 100644
--- a/indicators/sledgehammer-bookmark-scam-kit.yml
+++ b/indicators/sledgehammer-bookmark-scam-kit.yml
@@ -15,7 +15,7 @@ detection:
 pageHTML:
 html|contains|all:
- - "Community Verification)"
+ - "Community Verification"
 condition: pageTitle and pageHTML
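Review bot: Replacing `Drag Me (Verify)` outright in the [PATCH 2/3] hunk drops coverage for any deployment of the kit that still serves the old label, because `pageHTML` now matches only the new text. Adding the old string back to the same list would not help, since `html|contains|all` requires every entry to be present. A second selector joined with `or` keeps both variants, e.g. `pageHTMLLegacy:` holding `html|contains: "Drag Me (Verify)"` and `condition: pageTitle and (pageHTML or pageHTMLLegacy)`, assuming the rule format accepts Sigma-style `or` in conditions. The same applies to the [PATCH 3/3] hunk, which keeps the replacement and only removes the stray `)`. Neither patch touches the references list, so no sample on the page backs the new `Community Verification` string; a urlscan result for the new variant belongs there.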