trkrsrvrdb Crypto Drainer 14658cf1

Detects the crypto drainer named 'trkrsrvrdb' that uses the domain trkrsrvrdb.com to exfiltrate it's logs called from within the drainer script

References

https://urlscan.io/result/14658cf1-baf1-4177-98ed-a644eaed7458

IOK Rule (edit)

title: trkrsrvrdb Crypto Drainer 14658cf1
description: |
    Detects the crypto drainer named 'trkrsrvrdb' that uses 
    the domain `trkrsrvrdb.com` to exfiltrate it's logs called
    from within the drainer script
    
references:
    - https://urlscan.io/result/14658cf1-baf1-4177-98ed-a644eaed7458

detection:

    drainerKeywords:
      js|contains|all: 
        - 'trkrsrvrdb.com'
        - 'PANEL_URL'
        - 'document.getElementById("drain")'


    condition: drainerKeywords

tags:
  - cryptocurrency
  - cryptocurrency.ethereum
  - crypto_drainer.trkrsrvrdb