SettingsJS Crypto Drainer d810a56

Detects a crypto drainer that has its own configuration file called settings.js.

References

https://urlscan.io/result/fec90b9f-cc8c-4d83-ac66-7b58010b7ad0

IOK Rule (edit)

title: SettingsJS Crypto Drainer d810a56
description: |
    Detects a crypto drainer that has its
    own configuration file called settings.js.

references:
    - https://urlscan.io/result/fec90b9f-cc8c-4d83-ac66-7b58010b7ad0

detection:

    fileName:
      requests|contains: 'settings.js'

    settingsDictionaryName: 
      js|contains: 'collectionInfo'

    confirmationMessage:
      js|contains|all:
        - 'Welcome, '
        - 'Click to sign in and accept the Terms of Service.'
        - 'This request will not trigger a blockchain transaction or cost any gas fees.'
        - 'Wallet Address:'
        - 'Nonce:'

    condition: fileName and settingsDictionaryName and confirmationMessage

tags:
  - cryptocurrency
  - cryptocurrency.ethereum