IOK Rules: cryptocurrency.ethereum

SMU Crypto Drainer d9da4dc1

Detects a crypto drainer that hides commonly within the file named `utils.js` and has a seperate `showMess.js` file with functions used to send window alerts.

Fake crypto giveaway coin selection b791myo4

Detects a scam giveaway landing page which claims to host a large cryptocurrency event. Sometimes the scammer will pick a specific cryptocurrency to target, but in this case they decided to add a menu where the user can select a specific coin.

Ark Investment Crypto Phishing Kit 3465f6c

Detects a crypto phishing kit using Ark Investment as proof of the giveaway being legitmate, this kit also uses people like Elon Musk to lure victims.

Ethereum Wallet Drainer (Monkey Drainer)

Detects the "Monkey Drainer" phishing script kit

rusc Crypto Drainer f4180c6

Detects a crypto drainer that supports English & Russian in its logging messages. It also has its own configuration file called `import_main.js` and its main draining functionality in a file called `main.js`

Asli Crypto Drainer ea8f67e

Detects a family of crypto drainers that utilises a similarly structured landing page.

crew3 Crypto Drainer 0827f6e1

Detects the crypto drainer created by a Chinese threat actor that is hidden within the file named `main.69e3e80e.js` commonly hosted on a subdomain with the apex domain being either `server-crew3.xyz` or `web3-crew3.xyz`

finesse Crypto Drainer 9c933ae7

Detects a crypto drainer that usually appears on websites that impersonate the Discord Bots `MEE6` and `Dyno`.

SettingsJS Crypto Drainer d810a56

Detects a crypto drainer that has its own configuration file called settings.js.

hardteam Crypto Drainer f42d93a4

Detects the crypto drainer named 'hardteam' that uses the domain `hardteam.site` to exfiltrate it's logs called from within the drainer script located in the file `drainer_v4.js`

ToastrJS Crypto Drainer 0d0f9db

Detects a crypto drainer.

trkrsrvrdb Crypto Drainer 14658cf1

Detects the crypto drainer named 'trkrsrvrdb' that uses the domain `trkrsrvrdb.com` to exfiltrate it's logs called from within the drainer script

Ethereum cryptocurrency wallet drainer - Iil1ililIl1iIl1ill1Ilii

Detects an Ethereum cryptocurrency wallet drainer that has a constant variable named Iil1ililIl1iIl1ill1Ilii.

Elon Musk fake crypto giveaway xfve5qjx

Detects a scam giveaway landing page which claims to host a large cryptocurrency event. It asks you to send coins to a wallet to have them doubled.

Vitalik Buterin fake crypto giveaway cbn4xt8m

Detects a scam giveaway landing page which claims to host a large cryptocurrency event. It asks you to send coins to a wallet to have them doubled.