Skip to content

Commit

Permalink
Update roblox-phishing-8l0pamh6.yml
Browse files Browse the repository at this point in the history
Minor description and detection field names fixes
  • Loading branch information
IlluminatiFish authored May 20, 2024
1 parent 8df0272 commit a86e9f4
Showing 1 changed file with 10 additions and 9 deletions.
19 changes: 10 additions & 9 deletions indicators/roblox-phishing-8l0pamh6.yml
Original file line number Diff line number Diff line change
@@ -1,9 +1,10 @@
title: Roblox Phishing Kit 8l0pamh6
description: |
Detects Roblox phishing sites using a roblox body id and cdn.
Usually at /controlPage/create you can create a "Beaming link".
Often spread trough discord.
Detects Roblox phishing sites using a Roblox specific strings
within the DOM.
Usually at /controlPage/create you can create a "Beaming link"
These are often spread through Discord to victims.
references:
- https://www.youtube.com/watch?v=lUL2vgyhsw4
- https://urlscan.io/result/c716b820-174e-4211-9c09-4663b4a7e47d/
Expand All @@ -13,19 +14,19 @@ references:

detection:

realdomain:
realDomains:
hostname|endswith:
- .roblox.com
- .rbxcdn.com

rbxbodyid:
rbxBodyId:
dom|contains: body id="rbx-body"

rbxcdn:
rbxCDN:
dom|contains: rbxcdn

condition: rbxcdn and rbxbodyid and not realdomain

condition: rbxCDN and rbxBodyId and not realDomains

tags:
- kit
Expand Down

0 comments on commit a86e9f4

Please sign in to comment.