Date: 08/16/2024
Severity: High
Summary
The article "Crypto Investment Scams Impersonating Tesla" investigates fraudulent schemes that use Tesla's name to lure victims into cryptocurrency investment scams. These scams falsely claim endorsements or partnerships with Tesla to gain credibility and attract investors. The article details how scammers operate, the deceptive tactics they use, and the financial losses they cause. It also provides advice on how to recognize and avoid such scams, emphasizing the importance of due diligence and skepticism when dealing with investment opportunities.
Indicators of Compromise (IOC) List

| Type | Indicator |
| --- | --- |
| URL | https://api.teslamall66.vip/teslamall66.apk |
| Domain | tesla-usdt.com |
| Domain | teslausdt.org |
| Domain | sc-tesla.com |
| Domain | teslabond.org |
| Domain | teslaevcharging.com |
| Domain | teslafund.org |
| Domain | teslamall66.vip |
| Domain | teslausdt.net |
| Domain | teslausdt.vip |
| SHA256 Hash | ebc120ac0608d4b43a23a84e7ebcf84aeee2fca96184928ee787b734d85b0f01 |
Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

| Query | Logic |
| --- | --- |
| Detection Query 1 | userdomainname like "https://api.teslamall66.vip/teslamall66.apk" or url like "https://api.teslamall66.vip/teslamall66.apk" or userdomainname like "tesla-usdt.com" or url like "tesla-usdt.com" or userdomainname like "teslausdt.org" or url like "teslausdt.org" or userdomainname like "sc-tesla.com" or url like "sc-tesla.com" or userdomainname like "teslabond.org" or url like "teslabond.org" or userdomainname like "teslaevcharging.com" or url like "teslaevcharging.com" or userdomainname like "teslafund.org" or url like "teslafund.org" or userdomainname like "teslamall66.vip" or url like "teslamall66.vip" or userdomainname like "teslausdt.net" or url like "teslausdt.net" or userdomainname like "teslausdt.vip" or url like "teslausdt.vip" |
| Detection Query 2 | sha256hash IN ("ebc120ac0608d4b43a23a84e7ebcf84aeee2fca96184928ee787b734d85b0f01") |
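The two queries above match the advisory's domains, URL and hash against the `url`, `userdomainname` and `sha256hash` fields. The following Python script is an added example, not Gurucul's own code or part of the original advisory; it shows the same detection logic run over a few constructed JSON log lines, matching domains on a label boundary (so a subdomain such as `api.teslamall66.vip` hits, while a lookalike such as the constructed `disc-tesla.com` does not, which a plain substring `like` on `sc-tesla.com` would match) and comparing the hash case-insensitively. The log format, field names (`user`, `url`, `userdomainname`, `sha256hash`) and the sample lines are assumptions made for the example; the indicators themselves are the ones listed above.

```python
import json
from urllib.parse import urlsplit

# IOCs taken from the advisory's IOC list above.
IOC_DOMAINS = {
    "tesla-usdt.com", "teslausdt.org", "sc-tesla.com", "teslabond.org",
    "teslaevcharging.com", "teslafund.org", "teslamall66.vip",
    "teslausdt.net", "teslausdt.vip",
}
IOC_URLS = {"https://api.teslamall66.vip/teslamall66.apk"}
IOC_SHA256 = {"ebc120ac0608d4b43a23a84e7ebcf84aeee2fca96184928ee787b734d85b0f01"}


def host_of(value):
    """Return the lower-cased host part of a URL or bare hostname, or None."""
    if not value:
        return None
    v = value.strip().lower()
    if "://" not in v:
        v = "//" + v  # let urlsplit treat a bare host (with optional path/port) as netloc
    host = urlsplit(v).hostname
    return host.rstrip(".") if host else None


def domain_matches(host):
    """True if host equals an IOC domain or is a subdomain of one.

    Matching on label boundaries avoids substring false positives, e.g. the
    constructed lookalike 'disc-tesla.com' must not match IOC 'sc-tesla.com'.
    """
    if not host:
        return False
    labels = host.split(".")
    return any(".".join(labels[i:]) in IOC_DOMAINS for i in range(len(labels)))


def check_event(event):
    """Return a list of (field, indicator) hits for one parsed log event."""
    hits = []
    for field in ("url", "userdomainname"):  # the fields Detection Query 1 inspects
        raw = event.get(field)
        if not raw:
            continue
        if raw.strip().lower() in IOC_URLS:  # exact hit on the APK download URL
            hits.append((field, raw))
            continue
        host = host_of(raw)
        if domain_matches(host):
            hits.append((field, host))
    # Detection Query 2: hash match, normalised to lower case before comparing.
    digest = (event.get("sha256hash") or "").strip().lower()
    if digest in IOC_SHA256:
        hits.append(("sha256hash", digest))
    return hits


def scan_lines(lines):
    """Parse JSON log lines (assumed format) and return the events that hit an IOC."""
    findings = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # unparsable line; a production pipeline would count these
        hits = check_event(event)
        if hits:
            findings.append({"user": event.get("user"), "hits": hits})
    return findings


# Constructed sample log lines for the example (not real telemetry).
SAMPLE_LOGS = [
    '{"user": "alice", "url": "https://api.teslamall66.vip/teslamall66.apk"}',
    '{"user": "bob", "url": "https://www.teslausdt.org/login"}',
    '{"user": "carol", "url": "https://disc-tesla.com/"}',  # lookalike, must not hit
    '{"user": "dave", "sha256hash": "EBC120AC0608D4B43A23A84E7EBCF84AEEE2FCA96184928EE787B734D85B0F01"}',
    '{"user": "erin", "userdomainname": "tesla.com"}',  # legitimate domain, no hit
    'not json at all',
]

if __name__ == "__main__":
    for finding in scan_lines(SAMPLE_LOGS):
        print(finding)
```

Running the script reports hits for alice (exact URL), bob (subdomain of `teslausdt.org`) and dave (hash, despite upper-case input), and nothing for carol or erin. When porting the logic back into a query language, the same boundary rule can be expressed by matching the host equal to the indicator or ending in a dot followed by the indicator, rather than an unanchored `like`.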
Reference:
https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2024-08-14-crytpo-investment-scams-impersonating-Tesla.txt