From 17f6297f59559cedfbb349dfe171c6e7b14ec613 Mon Sep 17 00:00:00 2001
From: Lightning <154468000+LightningDev23@users.noreply.github.com>
Date: Wed, 8 May 2024 22:12:10 -0400
Subject: [PATCH 1/6] =?UTF-8?q?=F0=9F=9A=80=20Create=20IOK:=20steam-JcQRrb?= =?UTF-8?q?y.yml?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
These are usually spread on Discord and are typically hidden under default Wordpress blogs.
---
indicators/steam-JcQRrby.yml | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
create mode 100644 indicators/steam-JcQRrby.yml
diff --git a/indicators/steam-JcQRrby.yml b/indicators/steam-JcQRrby.yml
new file mode 100644
index 00000000..834835c9
--- /dev/null
+++ b/indicators/steam-JcQRrby.yml
@@ -0,0 +1,22 @@
+title: Steam Phishing Kit JcQRrby
+description: These are usually spread on Discord and are typically hidden under default Wordpress blogs.
+
+references:
+ - https://urlscan.io/result/9c91b94b-eaa4-4ed3-b6ff-67a65ecaadb0/
+ - https://urlscan.io/result/882799cc-0025-47e9-b8d3-41376a41e7c2/
+ - https://urlscan.io/result/ae8d6f7e-3848-407d-8f2e-9102e837c8a3/
+
+detection:
+ pageTitle:
+ title: "University cup"
+
+ siteLogo:
+ requests|contains: 'https://i.ibb.co/JcQRrby/nse.png'
+
+ pagePath:
+ requests|contains: 'expo'
+
+ condition: pageTitle and siteLogo and pagePath
+
+tags:
+ - target.steam
From db8aec50df68332fa377abe62f73d286f7088e42 Mon Sep 17 00:00:00 2001
From: Lightning <154468000+LightningDev23@users.noreply.github.com>
Date: Wed, 8 May 2024 22:16:28 -0400
Subject: [PATCH 2/6] Update steam-JcQRrby.yml
---
indicators/steam-JcQRrby.yml | 1 -
1 file changed, 1 deletion(-)
diff --git a/indicators/steam-JcQRrby.yml b/indicators/steam-JcQRrby.yml
index 834835c9..d981fe06 100644
--- a/indicators/steam-JcQRrby.yml
+++ b/indicators/steam-JcQRrby.yml
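Review bot: The `description` of the new indicator (PATCH 1/6) says how the kit is distributed but not what the rule matches, so someone triaging a hit cannot tell from the file which signals fired. I would extend it with one clause naming the matched signals (the page title and the logo request), keeping the existing sentence about Discord and default WordPress blogs. The quoting is also mixed: `title: "University cup"` uses double quotes while both `requests|contains` values use single quotes; since no escapes are needed, `title: 'University cup'` would be consistent.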
@@ -4,7 +4,6 @@ description: These are usually spread on Discord and are typically hidden under references: - https://urlscan.io/result/9c91b94b-eaa4-4ed3-b6ff-67a65ecaadb0/ - https://urlscan.io/result/882799cc-0025-47e9-b8d3-41376a41e7c2/ - - https://urlscan.io/result/ae8d6f7e-3848-407d-8f2e-9102e837c8a3/ detection: pageTitle: From b5a16e5b7cacb259f66e2738a7866ebff626d0c8 Mon Sep 17 00:00:00 2001 From: Lightning <154468000+LightningDev23@users.noreply.github.com> Date: Wed, 8 May 2024 22:20:50 -0400 Subject: [PATCH 3/6] Update steam-JcQRrby.yml --- indicators/steam-JcQRrby.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/indicators/steam-JcQRrby.yml b/indicators/steam-JcQRrby.yml index d981fe06..834835c9 100644 --- a/indicators/steam-JcQRrby.yml +++ b/indicators/steam-JcQRrby.yml @@ -4,6 +4,7 @@ description: These are usually spread on Discord and are typically hidden under references: - https://urlscan.io/result/9c91b94b-eaa4-4ed3-b6ff-67a65ecaadb0/ - https://urlscan.io/result/882799cc-0025-47e9-b8d3-41376a41e7c2/ + - https://urlscan.io/result/ae8d6f7e-3848-407d-8f2e-9102e837c8a3/ detection: pageTitle: From 55684af58019564746fd7b936190792cfd024192 Mon Sep 17 00:00:00 2001 From: Lightning <154468000+LightningDev23@users.noreply.github.com> Date: Wed, 8 May 2024 22:32:18 -0400 Subject: [PATCH 4/6] Update steam-JcQRrby.yml --- indicators/steam-JcQRrby.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/indicators/steam-JcQRrby.yml b/indicators/steam-JcQRrby.yml index 834835c9..327de56f 100644 --- a/indicators/steam-JcQRrby.yml +++ b/indicators/steam-JcQRrby.yml @@ -3,7 +3,6 @@ description: These are usually spread on Discord and are typically hidden under references: - https://urlscan.io/result/9c91b94b-eaa4-4ed3-b6ff-67a65ecaadb0/ - - https://urlscan.io/result/882799cc-0025-47e9-b8d3-41376a41e7c2/ - https://urlscan.io/result/ae8d6f7e-3848-407d-8f2e-9102e837c8a3/ detection: From de7beb4eeb610076d9f0d905ef3406b760f64137 Mon Sep 17 00:00:00 2001 
From: Lightning <154468000+LightningDev23@users.noreply.github.com> Date: Wed, 8 May 2024 22:34:24 -0400 Subject: [PATCH 5/6] Update steam-JcQRrby.yml --- indicators/steam-JcQRrby.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/indicators/steam-JcQRrby.yml b/indicators/steam-JcQRrby.yml index 327de56f..834835c9 100644 --- a/indicators/steam-JcQRrby.yml +++ b/indicators/steam-JcQRrby.yml @@ -3,6 +3,7 @@ description: These are usually spread on Discord and are typically hidden under references: - https://urlscan.io/result/9c91b94b-eaa4-4ed3-b6ff-67a65ecaadb0/ + - https://urlscan.io/result/882799cc-0025-47e9-b8d3-41376a41e7c2/ - https://urlscan.io/result/ae8d6f7e-3848-407d-8f2e-9102e837c8a3/ detection: From 3a2d5c3738564acb3284427bbee85c245774716d Mon Sep 17 00:00:00 2001 From: IlluminatiFish <45714340+IlluminatiFish@users.noreply.github.com> Date: Thu, 9 May 2024 15:26:47 +0100 Subject: [PATCH 6/6] Update steam-JcQRrby.yml --- indicators/steam-JcQRrby.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/indicators/steam-JcQRrby.yml b/indicators/steam-JcQRrby.yml index 834835c9..adaf0086 100644 --- a/indicators/steam-JcQRrby.yml +++ b/indicators/steam-JcQRrby.yml @@ -7,16 +7,15 @@ references: - https://urlscan.io/result/ae8d6f7e-3848-407d-8f2e-9102e837c8a3/ detection: + pageTitle: title: "University cup" siteLogo: requests|contains: 'https://i.ibb.co/JcQRrby/nse.png' - pagePath: - requests|contains: 'expo' - - condition: pageTitle and siteLogo and pagePath + condition: pageTitle and siteLogo tags: + - kit - target.steam
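Review bot: After the last hunk (PATCH 6/6), `condition: pageTitle and siteLogo` depends on an exact page title plus one hotlinked image URL, so a re-uploaded logo or a retitled page becomes a silent miss, and nothing in the file records that dependency. Dropping the loose `requests|contains: 'expo'` selector looks right for false positives, but I would add a comment above `siteLogo`, e.g. `# kit logo hotlinked from i.ibb.co; re-check the urlscan references if hits stop`, so maintainers know what to refresh. The empty line added directly under `detection:` is inconsistent with how the file was laid out in PATCH 1/6 and can be dropped.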