{
  "name": "Boxing Clever: Uncovering a $1M Task Scam Cluster Exploiting Major Brands",
  "slug": "boxing-clever-uncovering-a-1m-task-scam-cluster-exploiting-major-brands",
  "description": "A sophisticated task scam cluster has been discovered that impersonates major brands such as Delta Airlines, AMC Theatres, and Universal Studios. The scam uses API-driven templates and cryptocurrency payments, with over $1 million in attributable transactions. Victims are lured with the promise of 'earning' money by completing tasks such as booking flights, but must first make cryptocurrency deposits to become a 'VIP' member. The infrastructure uses domains registered through Dominet, Alibaba Cloud's registrar, with a distinct registrant pattern. Multiple wallet addresses across different cryptocurrencies have been identified. The scam's configuration files reveal its adaptability across various brands and industries.",
  "published": "2025-08-26T14:14:17+00:00",
  "created_at": "2025-08-26T14:14:17+00:00",
  "modified_at": "2025-08-26T17:09:53+00:00",
  "created_at_opencti": "2025-08-26T14:14:17+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2025-08-26",
    "brand impersonation",
    "cryptocurrency",
    "dominet",
    "task scam"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "universalstudioworksite.com"
      },
      {
        "id": "",
        "name": "fp40.com"
      },
      {
        "id": "",
        "name": "epicrecorlvip.com"
      },
      {
        "id": "",
        "name": "deltaairlineivip.com"
      },
      {
        "id": "",
        "name": "amctheatreilu.com"
      },
      {
        "id": "",
        "name": "amblinil.com"
      },
      {
        "id": "",
        "name": "all-accorli.com"
      }
    ],
    "attack_patterns": [
      {
        "id": "30f6a233-a437-4146-987a-3e42ae12889a",
        "name": "T1608.004"
      },
      {
        "id": "d19f56ca-5ce8-4bd1-af90-7d83e394470c",
        "name": "T1583.001"
      },
      {
        "id": "d9b45b3b-d093-4016-89e9-48f31ff4d05d",
        "name": "T1566"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "Aerospace"
      },
      {
        "id": "",
        "name": "Technology"
      },
      {
        "id": "",
        "name": "Media"
      },
      {
        "id": "",
        "name": "Finance"
      }
    ]
  },
  "external_refs": [
    "https://www.netcraft.com/blog/boxing-clever-the-million-dollar-task-scam-cluster",
    "https://otx.alienvault.com/pulse/68addd59d25d87e90c026eb4"
  ]
}