Asli Crypto Drainer ea8f67e

Detects a family of crypto drainers that utilises a similarly structured landing page.

References

https://urlscan.io/result/f930ba09-8c22-4b4f-8cfe-6506e1f01bfb
https://urlscan.io/result/168274a9-c66b-44c3-b7f8-ce6412a9b2d7

IOK Rule (edit)

title: Asli Crypto Drainer ea8f67e
description: |
    Detects a family of crypto drainers that utilises
    a similarly structured landing page.
    
references:
  - https://urlscan.io/result/f930ba09-8c22-4b4f-8cfe-6506e1f01bfb
  - https://urlscan.io/result/168274a9-c66b-44c3-b7f8-ce6412a9b2d7
    
detection:
  
  jQueryHash:
    html|contains: '894YE6QWD5I59HgZOGReFYm4dnWc1Qt5NtvYSaNcOP+u1T9qYdvdihz0PPSiiqn/+/3e7Jo4EaG7TubfWGUrMQ=='

  fakeTimeElement:
    html|contains: '<span id="timess">'
    
  fakeText:
    html|contains|all: 
        - 'PRE-SALE IS LIVE'
        - 'LIMITED SALE'
        - 'All other links are FAKE'
        - 'Thank you for your support and patience!'


  condition: jQueryHash and fakeTimeElement and fakeText
  
tags:
  - threat_actor_country.china
  - crypto_drainer.asli
  - cryptocurrency
  - cryptocurrency.ethereum