Detects a fake cryptocurrency giveaway impersonating Elon Musk and promising to send back dobule (BTC, ETH, DOGE) that you send to the attacker's wallet. Distributed through Twitter phishing accounts.
title: Cryptocurrency Giveaway wjUTKJ
description: |
Detects a fake cryptocurrency giveaway impersonating Elon Musk and promising to send back dobule (BTC, ETH, DOGE) that you send to the attacker's wallet. Distributed through Twitter phishing accounts.
references:
- https://urlscan.io/result/083f91b7-16b7-4b6c-844e-9425fed3fc95/
- https://urlscan.io/result/e55991b0-ea64-4dca-ae1f-a575803705a7/
- https://urlscan.io/result/b060abae-d511-4afa-afa1-b11b4781050c/
- https://urlscan.io/result/06e491a1-c010-49b1-89db-8d9e27f3e3de/
- https://twitter.com/bulca_aysel/status/1591347407224086528
- https://twitter.com/YeksekYelda/status/1591336268964974598
- https://twitter.com/BulentBall2/status/1591186718325342209
- https://twitter.com/mjikballl/status/1591356689072390145
- https://twitter.com/SsatyavratSingh/status/1591351035431653376
detection:
landingPageStatistics:
html|contains|all:
- "new Image().src = 'https://whos.amung.us/widget/kralbenim.png';"
- src="sstatic1.histats.com/03f403f40.html?4652932&101" alt="" border="0"
landingPageIcon:
html|contains:
- link rel="icon" type="image/x-icon" href="img/logo.html"
landingPageOptions:
html|contains|all:
- a class="hero__btn hero__btn_color_blue" href="eth.html"
- a class="hero__btn hero__btn_color_orange" href="btc.html"
- a class="hero__btn hero__btn_color_blue" href="doge.html"
coinStatistics:
html|contains:
- new Image().src = 'https://whos.amung.us/widget/kralbenim.png';
coinTitle:
html|contains:
- <title>T E S L A</title>
coinElon:
html|contains:
- img class="event__img" src="img/event/elon.png" alt="elon"
condition: (landingPageStatistics and landingPageIcon and landingPageOptions) or (coinStatistics and coinTitle and coinElon)
tags:
- kit
- cryptocurrency
- cryptocurrency.btc
- cryptocurrency.eth
- cryptocurrency.doge