
SANS ISC: Bitcoin "Blacklists" - SANS Internet Storm Center SANS ISC InfoSec Forums


Bitcoin "Blacklists"

At the Internet Storm Center, we regularly get malware and fraudulent emails including Bitcoin addresses, like the extortion emails including leaked passwords. And we often search online for these Bitcoin addresses, to see what else we can find.

Recently, with the "bomb extortion" emails, I was looking up Bitcoin addresses and came across a site called "Bitcoin Abuse Database". It's a repository of Bitcoin addresses that are used for scams and fraud.

For example, here is the report for Bitcoin address 1LeReNiUgHNXvvR8TpgQG1b5nzqoKeUxDY.

It looks like a great resource to look up Bitcoin addresses, and report on addresses used for scams and fraud, although I don't know who is behind this initiative.

Do you know similar resources? Please post a comment.

 

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

DidierStevens

372 Posts
ISC Handler
Closed-source intel from places like Neutrino and Chainalysis is handy... but pricey.
Anonymous
If you receive what appears to be a targeted threat, append the bitcoin address to the end as shown here: https://www.blockchain.com/btc/address/1LeReNiUgHNXvvR8TpgQG1b5nzqoKeUxDY

You'll see that there's already been one transaction, which means the same bitcoin address is being used for everyone receiving the email, which means there's no way the criminal knows who has paid and who hasn't paid.

If it hasn't been reported yet per the article, you now have another method to see if it's targeted to you specifically.
Anonymous
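
The lookup described in the comment above can be scripted for mail triage. This is an added example, not part of the original thread: it pulls legacy Base58Check addresses (bech32 `bc1...` addresses are not covered) out of a message body, verifies the checksum offline, and builds the blockchain.com URL quoted in the comment. The function names and the sample message are constructed for illustration.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Legacy address candidates: leading 1 or 3, 26-35 Base58 characters in total.
CANDIDATE = re.compile(
    r"(?<![0-9A-Za-z])[13][1-9A-HJ-NP-Za-km-z]{25,34}(?![0-9A-Za-z])")
LOOKUP = "https://www.blockchain.com/btc/address/"  # prefix quoted in the comment

# Constructed sample message. The first address is the well-known genesis-block
# address, used as a known-valid value; the second has its last character altered.
SAMPLE = """I'm getting money in btc, its my Bitcoin address -

1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa

or use 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNb, time is running.
"""


def is_valid_base58check(addr):
    """True if addr decodes to version + 20-byte hash + matching 4-byte checksum."""
    n = 0
    for ch in addr:
        idx = B58.find(ch)
        if idx < 0:
            return False
        n = n * 58 + idx
    pad = len(addr) - len(addr.lstrip("1"))  # each leading '1' encodes a zero byte
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25 or raw[0] not in (0x00, 0x05):  # P2PKH / P2SH versions
        return False
    digest = hashlib.sha256(hashlib.sha256(raw[:-4]).digest()).digest()
    return digest[:4] == raw[-4:]


def triage(text):
    """Return (address, checksum_ok, lookup_url or None) per unique candidate."""
    results = []
    for addr in dict.fromkeys(CANDIDATE.findall(text)):  # de-duplicate, keep order
        ok = is_valid_base58check(addr)
        results.append((addr, ok, LOOKUP + addr if ok else None))
    return results


if __name__ == "__main__":
    for addr, ok, url in triage(SAMPLE):
        print(addr, "valid" if ok else "bad checksum", url or "")
```

A candidate that fails the checksum cannot be a real address, so there is nothing to look up for it.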
Not sure if you saw this one or not >> https://www.sans.org/webcasts/109645?utm_medium=Social&utm_source=Twitter&utm_content=Kirby+Plessas+Webcast&utm_campaign=Open-Source+Intelligence+Summit+Training+2019

https://twitter.com/kirbstr/status/1074735409223983104

Enjoy :D
Anonymous
Today, I received the following extortion attempt, complete with bad punctuation, and a BITCOIN identifier.
-------------
Hi... .

I run a website in the deep web,I perform all sorts of services - in the main it is destruction to property and harm.In the main,all but the murder.Often main reasons are unrequited love or competition at bussiness.This month he contacted me and gave me the order of pour out acid in your visage.Standard task - quickly,painfully,for life.Without too much fuss.I get receive only after finishing the task.Thus, now I offer you pay me to be inactive,I propose this to nearly all the victims.If I do not see money from you, then my man will fulfill the task.If you transfer me money,in addition to my inaction,I will provide you the info that I have about the client.After finishing the order, I always lose the performer,so I have an option,to get $1500 from you for information about the customer and my inaction,or to receive $ 5000 from the customer,but with a high probability of spending the performer.

I’m getting money in btc,its my Bitcoin address -

15UFZdE9vRjtyKbLteV4B3U9QSTpEuJoxc

The sum I indicated above...

24 hours to transfer, and remember that time is beating... .
__________________________________________________________


Checking:

https://www.blockchain.com/btc/address/15UFZdE9vRjtyKbLteV4B3U9QSTpEuJoxc

gives "zero transactions". So far.
Anonymous
Another good resource to look up Bitcoin addresses used in spam/extortion is https://bitcoinwhoswho.com/
Thomas

1 Posts
This Tweet https://twitter.com/videah_/status/1080977519191486464 refers to oxt.me as an additional Bitcoin research source.
Anonymous
