chartingshow / crypto-firewall

🎁 Blocks browser-based crypto mining, cryptojacking, banking and crypto malware and phishing websites, apps and hackers command-and-control (C2) servers.
GNU General Public License v3.0

Block `Angel Drainer`, a cryptocurrency drainer malware #475

Closed summercms closed 3 months ago

summercms commented 3 months ago

Enhancement idea

Description

Our analysis shows that in 2023 bad actors created well over 20,000 unique Web3 phishing sites with various types of crypto drainers. In the first two months of 2024, we tracked at least three unrelated malware campaigns that began using crypto drainers in website hacks. Angel Drainer has been found on 5,751 different unique domains over the past four weeks.

Links

https://blog.sucuri.net/2024/02/web3-crypto-malware-angel-drainer.html

https://blog.sucuri.net/2024/03/from-web3-drainer-to-distributed-wordpress-brute-force-attack.html

IOC

I2P websites

n/a

IPFS websites

n/a

Tor2web websites

n/a

TOR websites

n/a

URLs

n/a

Folders

n/a

Sub-Domains


GitHub Pages


Domains


IPs


ASNs

n/a

Emails

n/a

Wallet addresses

0xFe8a95604CB87A9C6C5b1Ec681Bcfb4aE77F0c31
0xc5cE06FC4E2A26514afe69e25a6B36ab51F9FE42
0x443B74A3C052463Ad6ae88eD9eE24E18a84302cE

Mining pool addresses

n/a