CURLing for Crypto on Honeypots
Dec. 9, 2024, 11:02 a.m.
Description
An analysis of honeypot activity reveals a pattern of repeated curl commands targeting various websites, primarily originating from a single IP address. The commands, executed on multiple honeypots, focus on cryptocurrency-related sites, bot construction platforms, and communication services. The activity involves thousands of requests to each site, potentially indicating a distributed denial-of-service attempt or a cryptocurrency mining operation. The report details the methods used to analyze the data, including log parsing and visualization techniques, and provides a comprehensive list of targeted websites along with their purposes. The persistent nature of this activity, which began in November 2024 and continues, suggests an ongoing campaign with unclear motives.
Date
- Created: Dec. 9, 2024, 8:26 a.m.
- Published: Dec. 9, 2024, 8:26 a.m.
- Modified: Dec. 9, 2024, 11:02 a.m.
Indicators
Additional Information
- Russian Federation