CURLing for Crypto on Honeypots

SUMMARY :

An analysis of honeypot activity reveals a pattern of repeated curl commands targeting various websites, primarily originating from a single IP address. The commands, executed on multiple honeypots, focus on cryptocurrency-related sites, bot construction platforms, and communication services. The activity involves thousands of requests to each site, potentially indicating a distributed denial-of-service attempt or a cryptocurrency mining operation. The report details the methods used to analyze the data, including log parsing and visualization techniques, and provides a comprehensive list of targeted websites along with their purposes. The persistent nature of this activity, which began in November 2024 and continues, suggests an ongoing campaign with unclear motives.

OPENCTI LABELS :

botnet,telegram,cryptocurrency,ddos,mining,honeypot,siem,curl,cowrie


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


CURLing for Crypto on Honeypots