Our Botnet Analysis & Reporting Service (BARS) provides in-depth analysis, tracking, and history of 40+ malware families that utilize unique control protocols and possibly encryption mechanisms.

Our BARS cyber threat intelligence includes IP, BGP and GeoIP information related to each bot. We automatically track botnet infrastructure, and we have a team of malware analysts dedicated to investigating new malware families and/or variants. We are continually developing specialized code to track and report on new threats as they arise.

XML Files

Bot XML File​

This channel contains information related to hosts infected with malware (bots), including the IP, BGP and GeoIP information related to each Bot. Each infected host is also categorized with the type of malware it is infected with, including additional elements.​

Command and Control XML File

This channel contains information related to command and control servers, including the type of botnet, details about the host(s) being used to control the botnet, and when available, SHA1/MD5 hashes for malware observed connecting to the botnet.​

We list three different types of botnets: IRC (Internet Relay Chat), HTTP, and P2P (Peer to Peer), each with additional elements. For example, the XML entry for an IRC based botnet may include the IPs, ports, channels and passwords of multiple servers being used to control the botnet.

Subset of Controller Feed Entries Include (as of July 2022)

• Amadey

• CobaltStrike

• Emotet

• Lokibot

• Mirai

• Nanocore

• Qakbot

• Raccoonstealer

• Redline

• Xorddos

Example Attack Categories

• TCP: TCP-based traffic attack

• UDP: UDP-based traffic attack

• ICMP: ICMP-based traffic attack

• SYN: TCP Syn flood attack

• HTTP: HTTP/HTTPS-based resource attack

• DNSamp: DNSamplification attacks (DNS recursion)