botnet_tracker
Botnet Tracker
The botnet_tracker dataset is similar to the sinkhole_tracker dataset and holds botnet data derived from netflow analysis and open sources. Each record carries the source IP address of the bot and the endpoint it connected to (an IP, domain, or URL). In addition to malware traffic, this index also provides a comprehensive list of anonymous proxies observed in the wild, and it contains IPs checking into third-party sinkholes. Red Sky Alliance's own sinkhole data is searchable in the sinkhole_traffic index only.
| Field | Description |
| --- | --- |
| indicator | bot source IP |
| indicator_type | ipv4addr |
| indicator_context | one of botnet_ip, proxy_ip, or sinkholed_ip |
| c2 | endpoint that the source IP connected to; either an IP, a domain, or a URL |
| first_seen | when the indicator was first observed |
| last_seen | when the indicator was last observed |
| reference | available reference for the botnet record, if not specified in the attribution field |
| asn | autonomous system number for the indicator |
| attribution | known malware attribution, if any |
| country | two-character country code |
| region | region name geolocated from the indicator |
| city | city name geolocated from the indicator |
| postal_code | postal code geolocated from the indicator |
| area_code | area code geolocated from the indicator |
| location | latitude/longitude coordinates |
| etl_data | date the data was exported |
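The following is an added example of consuming records in this field layout; it is not Red Sky Alliance code and the dataset's real export format is not documented on this page. It assumes records arrive as JSON lines with the field names above, that timestamps are ISO 8601 in UTC, and it uses constructed sample records (documentation IP ranges, a made-up "ExampleBot" attribution) plus constructed netflow tuples. It validates each record against the documented constraints (indicator_type is ipv4addr, indicator_context is one of the three listed values, first_seen is not after last_seen), rejects malformed rows, extracts an IPv4 host from the c2 field whether it is an IP, domain, or URL, and then flags flows whose source is a listed indicator or whose destination is a known c2.

```python
"""Added example consumer for botnet_tracker-style records (not vendor code)."""
import ipaddress
import json
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlparse

# Allowed values taken from the field table on this page.
VALID_CONTEXTS = {"botnet_ip", "proxy_ip", "sinkholed_ip"}

# Constructed sample records. JSON lines is an assumed export format; all IPs are
# documentation ranges and "ExampleBot" is a made-up attribution. The last row is
# deliberately malformed (bad indicator_context, first_seen after last_seen).
SAMPLE_RECORDS = """\
{"indicator": "198.51.100.23", "indicator_type": "ipv4addr", "indicator_context": "botnet_ip", "c2": "203.0.113.7", "first_seen": "2023-04-01T10:00:00Z", "last_seen": "2023-04-03T09:30:00Z", "reference": "", "asn": 64496, "attribution": "ExampleBot", "country": "ZZ", "region": "", "city": "", "postal_code": "", "area_code": "", "location": "0.0,0.0", "etl_data": "2023-04-04"}
{"indicator": "198.51.100.23", "indicator_type": "ipv4addr", "indicator_context": "sinkholed_ip", "c2": "sink.example.net", "first_seen": "2023-04-02T00:00:00Z", "last_seen": "2023-04-02T12:00:00Z", "reference": "third-party sinkhole", "asn": 64496, "attribution": "", "country": "ZZ", "region": "", "city": "", "postal_code": "", "area_code": "", "location": "0.0,0.0", "etl_data": "2023-04-04"}
{"indicator": "198.51.100.77", "indicator_type": "ipv4addr", "indicator_context": "proxy_ip", "c2": "", "first_seen": "2023-03-30T08:00:00Z", "last_seen": "2023-04-03T08:00:00Z", "reference": "open proxy list", "asn": 64497, "attribution": "", "country": "ZZ", "region": "", "city": "", "postal_code": "", "area_code": "", "location": "0.0,0.0", "etl_data": "2023-04-04"}
{"indicator": "203.0.113.7", "indicator_type": "ipv4addr", "indicator_context": "botnet", "c2": "http://203.0.113.7/gate.php", "first_seen": "2023-04-05T00:00:00Z", "last_seen": "2023-04-01T00:00:00Z", "reference": "", "asn": 64498, "attribution": "ExampleBot", "country": "ZZ", "region": "", "city": "", "postal_code": "", "area_code": "", "location": "0.0,0.0", "etl_data": "2023-04-04"}
"""

# Constructed (src, dst) netflow tuples from a hypothetical internal 10.0.0.0/8 network.
SAMPLE_FLOWS = [
    ("10.0.0.5", "203.0.113.7"),     # internal host talking to a listed c2
    ("198.51.100.23", "10.0.0.80"),  # listed bot / sinkholed IP reaching us
    ("10.0.0.9", "192.0.2.1"),       # unrelated traffic
]


def _parse_ts(value):
    # Assumed timestamp format; adjust if the real export differs.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def validate_record(rec):
    """Return a list of problems; an empty list means the record is usable."""
    problems = []
    if rec.get("indicator_type") != "ipv4addr":
        problems.append("indicator_type is not ipv4addr")
    try:
        ipaddress.IPv4Address(rec.get("indicator", ""))
    except ValueError:
        problems.append("indicator is not a valid IPv4 address")
    if rec.get("indicator_context") not in VALID_CONTEXTS:
        problems.append("unknown indicator_context %r" % rec.get("indicator_context"))
    try:
        if _parse_ts(rec["first_seen"]) > _parse_ts(rec["last_seen"]):
            problems.append("first_seen is after last_seen")
    except (KeyError, ValueError):
        problems.append("first_seen/last_seen missing or not ISO 8601")
    return problems


def load_records(text):
    """Parse JSON lines into (accepted_records, [(indicator, problems), ...])."""
    accepted, rejected = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        problems = validate_record(rec)
        if problems:
            rejected.append((rec.get("indicator"), problems))
        else:
            accepted.append(rec)
    return accepted, rejected


def c2_ip(rec):
    """c2 may be an IP, a domain, or a URL; return the IPv4 host when one is present."""
    value = rec.get("c2", "")
    host = urlparse(value).hostname if "://" in value else value
    try:
        return str(ipaddress.IPv4Address(host))
    except ValueError:
        return None


def match_flows(records, flows):
    """Flag flows whose source is a listed indicator or whose destination is a known c2 IP."""
    by_indicator = defaultdict(list)
    c2_hosts = {}
    for rec in records:
        by_indicator[rec["indicator"]].append(rec)
        ip = c2_ip(rec)
        if ip:
            c2_hosts[ip] = rec
    hits = []
    for src, dst in flows:
        if src in by_indicator:
            contexts = sorted({r["indicator_context"] for r in by_indicator[src]})
            hits.append((src, dst, "source is listed as " + ",".join(contexts)))
        if dst in c2_hosts:
            who = c2_hosts[dst]["attribution"] or "unattributed"
            hits.append((src, dst, "destination is a known c2 (%s)" % who))
    return hits


if __name__ == "__main__":
    accepted, rejected = load_records(SAMPLE_RECORDS)
    for indicator, problems in rejected:
        print("rejected", indicator, "->", "; ".join(problems))
    for hit in match_flows(accepted, SAMPLE_FLOWS):
        print("hit", hit)
```

Note that the same indicator can appear under more than one indicator_context (here 198.51.100.23 is both botnet_ip and sinkholed_ip), so the index keeps a list per IP rather than overwriting; and because c2 can be a domain or URL, only records whose c2 resolves to a literal IPv4 host are used for destination matching, while domain-based c2 values would need a separate DNS or proxy-log match.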