CURLing for Crypto on Honeypots
Essential information
- Published: 09/12/2024 08:26
- Modified: 09/12/2024 11:02
- Tags: 2024-12-09 botnet cowrie cryptocurrency curl ddos honeypot mining siem telegram
- Related entities: 37 observables, 8 techniques (MITRE), 1 others
Description
An analysis of honeypot activity reveals a pattern of repeated curl commands targeting various websites, primarily originating from a single IP address. The commands, executed on multiple honeypots, focus on cryptocurrency-related sites, bot construction platforms, and communication services. The activity involves thousands of requests to each site, potentially indicating a distributed denial-of-service attempt or a cryptocurrency mining operation. The report details the methods used to analyze the data, including log parsing and visualization techniques, and provides a comprehensive list of targeted websites along with their purposes. The persistent nature of this activity, which began in November 2024 and continues, suggests an ongoing campaign with unclear motives.