Create: 3 IOKs for common Steam phishing kits #212

Merged 31 commits on May 20, 2024

PCPisChill (Contributor) commented Jul 30, 2023

Adds IOKs for common Steam phishing kits that get spammed in Steam groups:

Steam CSGO2 Beta Phishing Kit

Steam Phishing Kit getsiteconfig:

Steam Auronplay Gift Card Phishing Kit:

PCPisChill and others added 5 commits August 16, 2023 12:22
Fixed detection field name
Remove overlapping reference
Remove invalid reference
Remove invalid reference
Remove invalid reference
IlluminatiFish added the stale label ("The issue or pull request is over 14 days old") Sep 19, 2023

IlluminatiFish (Collaborator) commented:

Please resolve the issues identified by the workflow

Fix metrica.php request
Use (?i) instead of /i
Updated 'giftFromAuronplay' to regex ignoring "<span></span>"s between string.
PCPisChill (Contributor, Author) commented:

> Please resolve the issues identified by the workflow

Should all be working now, not sure why 'steam-auronplay.yml' wasn't working for https://urlscan.io/result/23b2c035-4daa-405e-98cd-0f3cdddcd5ca as 'giftFromAuronplay' should have caught it but I've updated it to regex.

IlluminatiFish (Collaborator) left a comment:

The reference scan you mention in your change does not appear to match either the original detection logic or the updated logic with the regular expression. I believe this reference should be removed from this rule's reference list.

Remove dynamic filename from sale banner GIF detection string
Simplify rule logic, fix rule and file name
Modify detection logic to use more robust flags
IlluminatiFish changed the title from "Create: 4 IOKs for common Steam phishing kits" to "Create: 3 IOKs for common Steam phishing kits" May 20, 2024
IlluminatiFish removed the stale label ("The issue or pull request is over 14 days old") May 20, 2024
IlluminatiFish merged commit 052afce into phish-report:main May 20, 2024
2 checks passed