Research

Our Research CTI offering provides a feed of compromised hosts actively being used for botnet activities such as DDoS attacks and other malicious activity. This dataset is primarily used by ISPs and CERT teams for remediation purposes. It was also featured in our academic research papers, Identifying infected energy systems in the wild and Profiling IoT-based botnet traffic using DNS, co-authored with Lancaster University researchers.

Fields provided: Source IP Address, Source Port, Target Port, Protocol, Country, Date First Seen, Date Last Seen, and Event Count

Enterprise

Our Enterprise CTI offering provides the exploit attempts (includes CVE if known) conducted by malicious hosts and the location of malware payload (binaries) used by threat actors and botnet operators. This is especially useful for locating command-and-control servers before they're used to conduct DDoS attacks.

Fields provided: Source IP, Country, User Agent, Payload, POST Data, Target Port, Protocol, Bad Packets® Tags (Description | Category | CVE), Date First Seen, Date Last Seen, and Event Count

Bad Packets™ CTI feeds are provided via our REST API endpoint in CSV or JSON format. Integration and support are provided under our standard enterprise contract which includes a no-cost pilot period of 30 days.

We also offer cybersecurity consulting services. Please select which service you're interested in and we'll get back to you within one business day.