CYBER-THREAT INTELLIGENCE SERVICES:
BOTNET INTELLIGENCE FEED
Expert monitoring and notification services to identify botnets threatening your reputation and customers
Many network attacks are organized using botnets. Such attacks might target casual Internet users, but often these threats are aimed at specific organizations and their online customers.
The ADMINUSLabs DEEPInsight™ solution tracks the activity of botnets and provides real-time notifications of threats associated with specific enterprise brands. You can use this information to advise and inform your customers, security service providers and law enforcement about current threats. Protect your organization’s reputation and customers today with the ADMINUSLabs Botnet Threat Intelligence Service.
TAKE ACTION WITH REAL-TIME DELIVERABLE:
The service provides a subscription to JSON-format notifications. ADMINUSLabs tracks keywords in the botnets it monitors and delivers intelligence on those that match your brand names. Notifications include:
Targeted URLs of the botnet - Bot malware is designed to wait until the user accesses the URL(s) of the targeted organization and then to trigger the attack rule.
Botnet type - Understand exactly what malware threat the cyber criminal is employing against your customers. Examples include Zeus, BlackPOS, BetaBot, CryptoWall, Cerberus, Gozi, SpyEye, Pony, Solar, Citadel and many more.
Attack type - Identify what the cyber criminals are using the malware to do; for example, web data injection, key-logging, screen wipes or video capture.
Attack rules - Know which web code injection rules are being used, such as HTTP requests (GET / POST), the web page data before injection and the web page data after injection.
Command and Control (C&C) server address - Enables you to notify the Internet service provider of the offending server for faster dismantling of the threat.
Confidence Value - The confidence value ADMINUSLabs assigns to a botnet controller.
Protocol and Port - The protocol and ports the botnet uses to communicate with its infected zombies.
Hashes of related malware - ADMINUSLabs provides the hash sums (SHA1 and MD5), which are used for malware verification.
Decrypted configuration file of related bot - Identifies the full list of targeted brands.
First Seen time and Last seen time.
Botnet C&C commands and instructions analysis
• URLs of entities under attack
• Botnet name
• Attack date
• Attack type (screenshot, web inject, etc.)
• Web inject codes
• Confidence Value
• C&C center addresses
• MD5 & SHA1 of associated malware
• Related malware sample
• First Seen and Last Seen
• Protocol and Port used by botnet
Frequent updates with monitoring sensors
Botnet Monitoring at ADMINUSLabs
Real-time notification of service users about attacks targeted at their customers
Unsurpassed accuracy and breadth of intelligence
ADMINUSLabs has the breadth of visibility into real-world threat intelligence, combined with the expertise to analyze threat data to inform and protect our partners and customers ahead of time.
Adjust your organization’s response based on risk profile
The combination of threat, vulnerability, and reputation information allows businesses to customize which alerts to take action on based on their internal infrastructure and security posture.
Enable the transition from reactive to proactive security programs
Incorporating enhanced global threat and vulnerability visibility helps identify and block threats before they impact you and your customers' network.
Improve your security team's productivity
Because the service is delivered as an automated feed, no manual threat analysis is required from your team, freeing up time that can be spent on additional tasks.
Block 'em before they do damage
Identifying a list of botnet Command & Control server URLs that are targeting your online users allows you to block them by sending requests to CERTs or CSIRTs.