Differences

This shows you the differences between two versions of the page.

--- bot_search [2022/10/02 12:27]
kaduuwikiadmin
+++ bot_search [2024/11/25 13:51] (current)
kaduuwikiadmin
@@ Line 1: / Line 1: @@
-===== Bot Search =====
+====== Bot Monitoring ======
+===== What is a bot or a botnet? =====
+Malware bots and Internet bots are a type of malware that can be programmed to hack into user accounts, search the Internet for contact information, send spam, or develop other malicious activities. To disguise the origin of such attacks, attackers can also distribute malicious bots through a botnet - that is, a bot network. A botnet consists of a number of devices connected to the Internet and running one or more bots without the knowledge of the respective device owner. Because each device has its own IP address, botnet traffic originates from a variety of IP addresses, making it harder to spot and block its point of origin. Botnets also self-propagate to more devices, which can then send out spam and in turn infect more machines.
+If an IP, host name oder username pops up in the Kaduu logs, it means it has been infected with a malicious bot.
+===== Where can you obtain botnet logs in the darknet? =====
+Botnet logs can be obtained in various darknet marketplaces, forums, and websites. These marketplaces and forums are typically used by cybercriminals to buy and sell stolen data, malware, and other illegal goods and services. Some examples include:
+  * Tor-based marketplaces: Tor is a anonymity network that allows access to hidden services on the darknet. Some marketplaces, like the now-defunct Dream Market, have offered botnet logs for sale.
+  * Hacking forums: Some hacking forums, like the now-defunct Hackforum or Exploit, have a section dedicated to the sale of botnet logs.
+  * Darknet chat rooms: Some hackers use chat rooms or chat apps like Telegram to sell botnet logs.
+It's important to note that access to these sites and marketplaces can be challenging and they are often hidden and may require specific software or knowledge to access them. Additionally, these sites and marketplaces are often taken down by law enforcement, or go offline for other reasons, so the availability of botnet logs on the darknet may vary over time.
+It's also important to note that accessing these sites and attempting to purchase botnet logs is illegal in most countries, and could lead to serious consequences such as civil or criminal charges. Additionally, these sites may host malware, so accessing them could also put your device at risk.
+===== What type of devices are more likely to be infected with bots? =====
+Malicious bots, also known as malware bots or botnets, can infect a wide range of devices, including personal computers, servers, and mobile devices. However, certain types of devices and users are more likely to be targeted than others. It is much more unlikely that public servers are infected with bots opposite to private computers. Here are the most exposed device types:
+  * Personal computers: Home users are often targeted by botnets because they may have weaker security protections in place than organizations. Additionally, botnets can spread through infected email attachments, infected software downloads and infected webpages, which are all common for home users.
+  * Servers: Businesses and organizations that operate servers are also at risk of botnet infections, particularly those that have a significant online presence, such as e-commerce websites or web hosting companies.
+  * Internet of Things (IoT) devices: The increasing popularity of IoT devices, such as smart cameras, routers, and home automation systems, has led to a rise in botnet infections targeting these devices. IoT devices often have weaker security protections and are easily compromised, making them a prime target for botnet operators.
+  * Mobile devices: Mobile devices can also be infected with botnets, particularly those that run on older or unpatched versions of the operating system. This can happen through infected apps, which are downloaded from non-official stores, or through infected webpages which are visited using the mobile browser.
+===== Where is the menu? =====
 There are two search pages:
@@ Line 14: / Line 45: @@
 {{::bot2.png?900|}}
+===== Search Syntax =====
+^ Field      ^ Details     |
+| createdAt | Creation date & time.|
+| collectedAt | Collection date & time..|
+| botId | Bot ID |
+| botName | Software name|
+| botVersion | Version number |
+| ip | IP address |
+| asn	 | Autonomous system number |
+| asnText | ASN description (default field) |
+| country	| Country of bot location |
+| os	| Computer operating system |
+| timeZone	| Computer time zone |
+| computerName| Computer name (default field). |
+| userName | Computer user name (default field) |
+| location	 | Computer location |
+| type	| Record type. |
+| url	| URL (default field) |
+| name	| Record name (default field)|
+| value	| Record value |
+| time	| Record time|
+===== Bot Record Details =====
+If you want to see the details of the bot records, please click on the IP address. You will the see the path of the file, that lead to the malware infection. More details about the user, the internet history and web calls will be also visible:
+{{::bot_details.png?900|}}
+===== Bot Purchase =====
+We offer the possibility to also purchase stealer logs that are discovered in a live search (e.g. https://deepweb.leak.center/forum_search/live_search/). You can send us via Email the purchase request and we will perform the purchase for you. Please note that there is a handling and conversion fee. If the stealer log costs 10 USD, we will charge 20 USD for the purchase since we need to first convert our funds to BTC to perform the purchase. Once we have the logs, we will send them to you and they will disappear in the according forum.

My DokuWiki

User Tools

Site Tools

Differences

Page Tools