From 549480fa123fd1c3067c39f75d09f091fb7b8a29 Mon Sep 17 00:00:00 2001
From: Lightning <154468000+LightningDev23@users.noreply.github.com>
Date: Sun, 10 Mar 2024 19:23:51 -0400
Subject: [PATCH] =?UTF-8?q?=F0=9F=9A=80=20Create=20IOK:=20opensea-389-9bec?= =?UTF-8?q?97c22fa2e411=20(#246)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* 🚀 opensea-389-9bec97c22fa2e411.yml
* Update opensea-389-9bec97c22fa2e411.yml
* Update opensea-389-9bec97c22fa2e411.yml
---------
Co-authored-by: IlluminatiFish <45714340+IlluminatiFish@users.noreply.github.com>
---
indicators/opensea-389-9bec97c22fa2e411.yml | 22 +++++++++++++++++++++
1 file changed, 22 insertions(+)
create mode 100644 indicators/opensea-389-9bec97c22fa2e411.yml
diff --git a/indicators/opensea-389-9bec97c22fa2e411.yml b/indicators/opensea-389-9bec97c22fa2e411.yml
new file mode 100644
index 0000000..e2d9d28
--- /dev/null
+++ b/indicators/opensea-389-9bec97c22fa2e411.yml
@@ -0,0 +1,22 @@
+title: OpenSea Phishing 389-9bec97c22fa2e411
+description: Detects OpenSea wallet drainers - mystery box scam. Often hosted on Vercel (https://vercel.com/).
+
+references:
+ - https://urlscan.io/result/03383a08-4618-4a92-9bff-99bd8b2be9f2/
+ - https://urlscan.io/result/672f40d7-78fb-4b28-8ef5-9f09591e20ea/
+ - https://urlscan.io/result/c6ed3c5a-e79a-491b-b316-deedc0527c49/
+
+detection:
+
+ fileRequest:
+ requests|endswith: '/389-9bec97c22fa2e411.gif'
+
+ fileUsage:
+ # This GIF file is used on a lot of OpenSea scams.
+ html|contains: '/389-9bec97c22fa2e411.gif'
+
+ condition: fileRequest and fileUsage
+
+tags:
+ - target.opensea
+ - cryptocurrency
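Review bot: The `fileUsage` selector keeps the leading `/` in `html|contains: '/389-9bec97c22fa2e411.gif'`, so a page that references the image by a bare relative name would match `fileRequest` but not `fileUsage`, and with `condition: fileRequest and fileUsage` the rule would stay silent. Using `html|contains: '389-9bec97c22fa2e411.gif'` would cover both forms, and the `endswith` request selector still anchors the match on a path boundary. The rule also keys on a file name alone, so a renamed copy of the same image would not match; the comment could say so and record why both selectors are required, for example `# Name-only match (no content hash); both the HTML reference and the request are required to cut false positives.`, if that is the intent. Whether the three urlscan references all show the name in both the DOM and the request list cannot be confirmed from the patch and is worth checking before merge.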