Threat Intelligence

Bad Packets® Cyber Threat Intelligence

The cybersecurity landscape is constantly evolving as emerging threats continue to target enterprise networks, internet of things (IoT) devices, and cloud computing environments. Monitoring and identifying these threats is a critical task to mitigate the damage done by threat actors.

We detect active botnets, including variants of Mirai malware, that are scanning the internet and engaging in malicious activity. We locate command-and-control (C2) servers and report them to the affected network providers, CERT teams, and law enforcement agencies. IoT devices infected with malware are typically used for conducting DDoS attacks – making it an important task to locate and remediate compromised hosts quickly.

Bad Packets CTI API Example CVE-2019-15107
Bad Packets was the first to detect mass exploitation of CVE-2019-15107 by threat actors. Compromised servers were used to conduct DDoS attacks.

We provide curated threat intelligence data feeds for malicious activity targeting:

IoT devices

Content Management Systems

Distributed computing platforms

  • Hadoop
  • Kubernetes


  • ColdFusion
  • PHP

Microsoft Windows endpoints

  • BlueKeep CVE-2019-0708 scans
  • EternalBlue exploits

Enterprise-grade VPN servers

Our Enterprise dataset is tagged with the targeted device/service, vulnerability exploited, and the location of malware payload (binaries) used by threat actors. Our feeds are continuously updated with the latest indicators of compromise (IOCs) as new threats are detected. New unique Mirai-like botnet detections are added to hourly. Research and Enterprise plans provide faster update intervals and include technical support.

Visit our pricing page to sign up for our threat intelligence offerings.