hardteam Crypto Drainer f42d93a4

Detects the crypto drainer named 'hardteam' that uses the domain hardteam.site to exfiltrate it's logs called from within the drainer script located in the file drainer_v4.js

References

https://urlscan.io/result/c7dfc420-17d4-4adf-a64b-093d471f1ab8

IOK Rule (edit)

title: hardteam Crypto Drainer f42d93a4
description: |
    Detects the crypto drainer named 'hardteam' that uses 
    the domain `hardteam.site` to exfiltrate it's logs called
    from within the drainer script located in the file 
    `drainer_v4.js`
    
references:
    - https://urlscan.io/result/c7dfc420-17d4-4adf-a64b-093d471f1ab8

detection:

    drainerFile:
      requests|contains: 'drainer_v4.js'

    drainerLog:
      requests|contains: 'hardteam.site'

    drainerKeywords:
      js|contains|all: 
        - 'metamask_spammer()'
        - 'connectAndDrain'

    condition: drainerFile and drainerLog and drainerKeywords

tags:
  - cryptocurrency
  - cryptocurrency.ethereum
  - crypto_drainer.hardteam