Our Botnet Analysis & Reporting Service (BARS) provides in-depth analysis, tracking, and history of 40+ malware families that use unique control protocols and, in some cases, encryption mechanisms.
Our BARS cyber threat intelligence includes IP, BGP and GeoIP information related to each bot. We automatically track botnet infrastructure, and we have a team of malware analysts dedicated to investigating new malware families and/or variants. We are continually developing specialized code to track and report on new threats as they arise.
Bot XML File
This channel contains information related to hosts infected with malware (bots), including the IP, BGP and GeoIP information related to each bot. Each infected host is also categorized by the type of malware it is infected with, along with additional elements.
Command and Control XML File
This channel contains information related to command and control servers, including the type of botnet, details about the host(s) being used to control the botnet, and when available, SHA1/MD5 hashes for malware observed connecting to the botnet.
We list three different types of botnets: IRC (Internet Relay Chat), HTTP, and P2P (Peer to Peer), each with additional elements. For example, the XML entry for an IRC-based botnet may include the IPs, ports, channels and passwords of multiple servers being used to control the botnet.
Subset of Controller Feed Entries Include (as of July 2022)
Example Attack Categories
TCP: TCP-based traffic attack
UDP: UDP-based traffic attack
ICMP: ICMP-based traffic attack
SYN: TCP SYN flood attack
HTTP: HTTP/HTTPS-based resource attack
DNSamp: DNS amplification attacks (DNS recursion)