Threat Intelligence

Bad Packets® Cyber Threat Intelligence

The cybersecurity landscape is constantly evolving as emerging threats continue to target enterprise networks, IoT devices, and cloud computing environments. Monitoring and identifying these threats is a critical task to mitigate the damage done by threat actors.

Mirai-like detections last 365 days
Mirai-like detections by daily share of port/service targeted.

We detect active botnets, including variants of Mirai malware, that are scanning the internet and engaging in malicious activity. We locate command-and-control (C2) servers and report them to the affected network providers, CERT teams, and law enforcement agencies. IoT devices infected with malware are typically used for conducting DDoS attacks – making it an important task to locate and remediate compromised hosts quickly.

In addition to tracking botnets, we provide threat intelligence data feeds for attacks targeting:

  • IoT/CPE devices (Consumer routers/modems, IP cameras)
  • Content Management Systems (WordPress, Drupal)
  • Distributed computing platforms (Hadoop, Kubernetes)
  • Frameworks (PHP, ColdFusion)
  • Microsoft Windows endpoints (BlueKeep CVE-2019-0708 vulnerability scans)

Our datasets are tagged with indicators of compromise (IOCs) and include which vulnerabilities are being exploited so you can quickly identify relevant threats to your organization. New unique Mirai-like detections are added to mirai.badpackets.net hourly. Paid plans include the service being targeted and source port to enable locating devices behind a NAT firewall.

Visit our pricing page to sign up for our threat intelligence packages.