bot_search
This is an old revision of the document!
Table of Contents
Bot Search
There are two search pages:
- Bot Record Search: On the bot records search page you can search in a database of indexed stealer bot records. The information is collected from stealer (trojan) logs distributed on hacker forums and marketplaces. This index is different from bot search, as it indexes separate records.
- Bot Search: On this page you can search in a database of indexed stealer bot records. The information is collected from stealer (trojan) logs distributed on hacker forums and marketplaces. This index is different from bot record search, as it indexes bots and not separate records.
Bot Record Search
The syntax for the bot search needs to use our special operators. Lets say you want to find all bots that connect to a URL that contains "sbb", you need to search for url:sbb*. If you only search for sbb, you will get 0 results!
Search Syntax
| Field | Details |
|---|---|
| createdAt | Creation date & time. |
| collectedAt | Collection date & time.. |
| botId | Bot ID |
| botName | Software name |
| botVersion | Version number |
| ip | IP address |
| asn | Autonomous system number |
| asnText | ASN description (default field) |
| country | Country of bot location |
| os | Computer operating system |
| timeZone | Computer time zone |
| computerName | Computer name (default field). |
| userName | Computer user name (default field) |
| location | Computer location |
| type | Record type. |
| url | URL (default field) |
| name | Record name (default field) |
| value | Record value |
| time | Record time |
bot_search.1666784781.txt.gz · Last modified: 2023/05/22 20:40 (external edit)
