Add bitcoin wallet scans to suspicious URL's#1324

Merged
ddpbsd merged 1 commit into master from unknown repository on Dec 4, 2017

Conversation


@ghost ghost commented Nov 26, 2017

Example logfile entries:

192.168.0.1 - - [22/Oct/2017:12:39:42 +0200] "GET /wallet.dat.1 HTTP/1.1" 404 210 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0"
192.168.0.1 - - [22/Oct/2017:12:39:42 +0200] "GET /wallet.dat.1 HTTP/1.0" 404 210 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0"
192.168.0.1 - - [22/Oct/2017:12:39:29 +0200] "GET /bitcoin_wallet.dat.zip HTTP/1.0" 404 210 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0"
192.168.0.1 - - [22/Oct/2017:12:39:29 +0200] "GET /bitcoin_wallet.dat.zip HTTP/1.1" 404 210 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0"
192.168.0.1 - - [22/Oct/2017:12:39:26 +0200] "GET /Bitcoin/wallet.dat HTTP/1.0" 404 210 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0"
192.168.0.1 - - [22/Oct/2017:12:39:26 +0200] "GET /Bitcoin/wallet.dat HTTP/1.1" 404 210 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0"
192.168.0.1 - - [22/Oct/2017:12:39:15 +0200] "GET /bitcoin%20datadir/wallet.dat HTTP/1.0" 404 210 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0"
192.168.0.1 - - [22/Oct/2017:12:39:14 +0200] "GET /hostname_wallet.dat HTTP/1.0" 404 210 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0"
192.168.0.1 - - [22/Oct/2017:12:39:14 +0200] "GET /home/.bitcoin/wallet.dat HTTP/1.0" 404 210 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0"
192.168.0.1 - - [22/Oct/2017:12:39:15 +0200] "GET /bitcoin%20datadir/wallet.dat HTTP/1.1" 404 210 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0"
192.168.0.1 - - [22/Oct/2017:12:39:14 +0200] "GET /hostname_wallet.dat HTTP/1.1" 404 210 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0"
192.168.0.1 - - [22/Oct/2017:12:39:14 +0200] "GET /home/.bitcoin/wallet.dat HTTP/1.1" 404 210 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0"

Cross-ref: wazuh/wazuh-ruleset#87
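As an added illustration (not the OSSEC rule from this PR, nor the wazuh ruleset), the following Python scans access-log lines in Apache combined format and flags requests that probe for wallet files, using the same URL shapes shown in the comment above (wallet.dat and its variants, the .bitcoin directory). The sample lines are constructed for this example; the `LOG_RE`, `WALLET_PATTERNS` and `scan_log` names are mine. Paths are percent-decoded before matching so that `/bitcoin%20datadir/wallet.dat` is caught, and a page that merely mentions "wallet" is not.

```python
import re
from urllib.parse import unquote
from collections import Counter

# Apache/nginx combined log format; only the fields we need are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>HTTP/[\d.]+)" (?P<status>\d{3})'
)

# Substrings seen in the PR's sample requests (checked on the decoded, lowercased path).
WALLET_PATTERNS = (
    "wallet.dat",   # /wallet.dat, /wallet.dat.1, /bitcoin_wallet.dat.zip, /hostname_wallet.dat
    "/.bitcoin/",   # /home/.bitcoin/wallet.dat
)

def is_wallet_probe(path: str) -> bool:
    """True if the percent-decoded request path looks like a wallet-file probe."""
    decoded = unquote(path).lower()
    return any(p in decoded for p in WALLET_PATTERNS)

def scan_log(lines):
    """Return (alerts, per_ip_counts): alerts are (ip, path, status) tuples."""
    alerts = []
    per_ip = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format access-log line; ignore it
        if is_wallet_probe(m["path"]):
            alerts.append((m["ip"], m["path"], int(m["status"])))
            per_ip[m["ip"]] += 1
    return alerts, per_ip

# Constructed sample: three probes from one client, two benign requests from another.
SAMPLE_LOG = """\
192.168.0.1 - - [22/Oct/2017:12:39:42 +0200] "GET /wallet.dat.1 HTTP/1.1" 404 210 "-" "Mozilla/5.0"
192.168.0.1 - - [22/Oct/2017:12:39:15 +0200] "GET /bitcoin%20datadir/wallet.dat HTTP/1.0" 404 210 "-" "Mozilla/5.0"
192.168.0.1 - - [22/Oct/2017:12:39:14 +0200] "GET /home/.bitcoin/wallet.dat HTTP/1.1" 404 210 "-" "Mozilla/5.0"
10.0.0.5 - - [22/Oct/2017:12:40:00 +0200] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
10.0.0.5 - - [22/Oct/2017:12:40:01 +0200] "GET /wallet-faq.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
""".splitlines()

if __name__ == "__main__":
    found, counts = scan_log(SAMPLE_LOG)
    for ip, path, status in found:
        print(f"wallet probe from {ip}: {path} (HTTP {status})")
    print("probes per source:", dict(counts))
```

A string of 404s for these paths from a single source, as in the PR's sample, is the signal the rule is meant to surface; a 200 would mean the file was actually served and deserves immediate follow-up.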

@ddpbsd ddpbsd merged commit 0239cec into ossec:master Dec 4, 2017
@ghost ghost deleted the patch-1 branch December 4, 2017 07:44