Exodus Wallet Phishing Kit

Detects a Exodus Wallet cryptocurrency wallet drainer that includes a function to validate the BIP39 recovery phrase entered.

References

https://urlscan.io/result/03392ec8-cd9d-4ced-85bd-b409b9ae417d
https://urlscan.io/result/a8589aba-56a9-4761-90bd-e135acd4c2c0
https://urlscan.io/result/9c742557-4845-489f-8681-c32316281ee3
https://urlscan.io/result/7e399906-efbd-405d-9da9-f83794dcc89a

IOK Rule (edit)

title: Exodus Wallet Phishing Kit
description: |
    Detects a Exodus Wallet cryptocurrency wallet drainer that includes a function to validate
    the BIP39 recovery phrase entered.
    
references:
    - https://urlscan.io/result/03392ec8-cd9d-4ced-85bd-b409b9ae417d
    - https://urlscan.io/result/a8589aba-56a9-4761-90bd-e135acd4c2c0
    - https://urlscan.io/result/9c742557-4845-489f-8681-c32316281ee3
    - https://urlscan.io/result/7e399906-efbd-405d-9da9-f83794dcc89a

detection:

    Bip39JsFile:
      requests|contains: 'bip39.browser.min.js'

    Bip39FormSubmit:
      html|contains: 'onsubmit="validateBIP39();"'

    walletIdentifier:
      html|contains: 'exodus'

    condition:  Bip39JsFile and Bip39FormSubmit and walletIdentifier

tags:
  - kit
  - target.exodus
  - target_type.cryptocurrency