MaMa / Casper / plaNETWORK / sun4u Bot Search scanners under monitoring

Previously I wrote a blog post about the ByroeNet/Casper-like bot scanners, and adapted some ET rules in order to detect these bots' activities.

The 1010041 rule focuses on all “MaMa” scanners (MaMa CaSpEr, MaMa CyBer, MaMa ebes, etc.), the 1010040 rule focuses on all “Bot Search” scanners (b3b4s, Casper, dex, Jcomers, kmccrew, plaNETWORK, sasqia, sledink, etc.) and the ET 2011244 rule focuses on all “sun4u” scanners (Mozilla/4.76 [ru] (X11; U; SunOS 5.7 sun4u), etc.).

Until the first of August the rules were under testing, so the previous values are incorrect.

Below you can find real-time graphs for the 3 different rules.

Monthly event activity for rule 1010040
Monthly event activity for rule 1010041
Monthly event activity for rule 2011244
Monthly TOP 10 Source IPs for rule 1010040
Monthly TOP 10 Source IPs for rule 1010041
Monthly TOP 10 Source IPs for rule 2011244
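
The same per-rule event counts and top source IPs can be reproduced from web server access logs. The following is an added example, not the rules or tooling used for the graphs above: the User-Agent substrings are assumptions taken from the scanner names listed in this post, and the log lines are constructed.

```python
import re
from collections import Counter, defaultdict

# User-Agent substrings assumed from the scanner families named in the post;
# the content of the actual IDS rules is not reproduced here.
FAMILIES = {
    "1010041": re.compile(r"MaMa "),
    "1010040": re.compile(r"Bot Search"),
    "2011244": re.compile(r"sun4u"),
}

# Combined log format: ip ident user [time] "request" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Constructed sample lines (documentation IP ranges, made-up requests).
SAMPLE_LOG = """\
192.0.2.10 - - [02/Aug/2010:10:00:01 +0200] "GET /a.php?p=x HTTP/1.1" 404 210 "-" "MaMa CaSpEr"
192.0.2.10 - - [02/Aug/2010:10:00:02 +0200] "GET /b.php?p=x HTTP/1.1" 404 210 "-" "MaMa CyBer"
198.51.100.7 - - [02/Aug/2010:10:05:00 +0200] "GET /c.php?p=x HTTP/1.1" 404 210 "-" "Casper Bot Search"
198.51.100.7 - - [02/Aug/2010:10:05:01 +0200] "GET /d.php?p=x HTTP/1.1" 404 210 "-" "plaNETWORK Bot Search"
203.0.113.5 - - [03/Aug/2010:11:00:00 +0200] "GET /e.php?p=x HTTP/1.1" 404 210 "-" "plaNETWORK Bot Search"
203.0.113.9 - - [03/Aug/2010:12:00:00 +0200] "GET / HTTP/1.0" 200 512 "-" "Mozilla/4.76 [ru] (X11; U; SunOS 5.7 sun4u)"
192.0.2.44 - - [03/Aug/2010:12:30:00 +0200] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/3.6"
truncated line without the expected fields
"""

def classify(ua):
    """Return the rule id whose family pattern matches the User-Agent, else None."""
    for sid, pattern in FAMILIES.items():
        if pattern.search(ua):
            return sid
    return None

def tally(lines, top_n=10):
    """Count events per rule id and rank source IPs, like the monthly graphs."""
    events, sources = Counter(), defaultdict(Counter)
    for line in lines:
        m = LOG_RE.match(line.strip())
        sid = classify(m["ua"]) if m else None  # malformed lines are skipped
        if sid:
            events[sid] += 1
            sources[sid][m["ip"]] += 1
    return events, {sid: c.most_common(top_n) for sid, c in sources.items()}

if __name__ == "__main__":
    print(tally(SAMPLE_LOG.splitlines()))
```

A bare `sun4u` substring will also match genuine Solaris browsers, so hits for that family need a second look at the requested paths before a source IP is treated as a scanner.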