Security Performance Management
Continuous Monitoring
Cyber Insurance
National Cybersecurity

Articles in this section

See more

GET: Botnet Infections Finding Details

Avatar
Ingrid
Follow
Publication Date – March 22, 2022

⇤ Findings

https://api.bitsighttech.com/ratings/v1/companies/company_guid/findings?risk_vector=botnet_infections

Get Botnet Infections finding details.

Parameters

For details specific to Botnet Infections, use the ?risk_vector=botnet_infections parameter. Other query parameters are listed in GET: Finding Details.

Example Request

curl https://api.bitsighttech.com/ratings/v1/companies/a940bb61-33c4-42c9-9231-c8194c305db3/findings?risk_vector=botnet_infections -u api_token:

Example Response

{
  "links":{
    "next":null,
    "previous":null
  },
  "count":9,
  "results":[
      […]
      {
        "temporary_id":"A9Jq47BBje708c931240720bb8b3e4927d1bc2ccd3",
        "pcap_id":"UENBUHBjYXBQQ0FQcGNhcCuU7mueVsYx_RyqvwRgg_aiyeZWLbjKZFAxxo9W8rLNAgEr3gGkCs_iMiv2a-hnkeADHVZSemL79biBzUAJREQ=",
        "affects_rating":true,
        "assets":[
          {
            "asset":"63.208.139.45",
            "identifier":null,
            "category":"low",
            "importance":0.0,
            "is_ip":true
          }
        ],
        "details":{
          "check_pass":" ",
          "geo_ip_location":"US",
          "country":"United States",
          "infection":{
            "family":"ZeroAccess",
            "description":"This trojan is typically used for bitcoin mining and click fraud.",
            "references":[
              "https://web.archive.org/web/20170826074506/https://www.symantec.com/security_response/writeup.jsp?docid=2011-071314-0410-99",
              "https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Win32%2FSirefef"
            ],
            "data_exfiltration":true,
            "unauthorized_access":true,
            "implies_other_infections":true,
            "resource_abuse":true,
            "target_platforms":[
              "Win32"
            ],
            "aliases":[
              "Sirefef"
            ]
          },
          "remediations":[ ],
          "sample_timestamp":"2021-09-17T19:29:14Z",
          "vulnerabilities":[ ],
          "count":76,
          "dest_port":16470,
          "detection_method":"p2p",
          "rollup_end_date":"2021-09-17",
          "rollup_start_date":"2021-09-17",
          "sinkhole_ip":"52.214.166.221",
          "sinkhole_ip_masked":"XXX.214.166.221",
          "src_port":53076
        },
        "evidence_key":"63.208.139.45",
        "first_seen":"2021-09-17",
        "last_seen":"2021-09-17",
        "related_findings":[
          {
            "temporary_id":"A9Jq47BBje708c931240720bb8b3e4927d1bc2ccd3",
            "pcap_id":"UENBUHBjYXBQQ0FQcGNhcCuU7mueVsYx_RyqvwRgg_aiyeZWLbjKZFAxxo9W8rLNAgEr3gGkCs_iMiv2a-hnkeADHVZSemL79biBzUAJREQ=",
            "affects_rating":true,
            "assets":[
              {
                "asset":"63.208.139.45",
                "identifier":null,
                "category":"low",
                "importance":0.0,
                "is_ip":true
              }
            ],
            "details":{
              "check_pass":" ",
              "geo_ip_location":"US",
              "country":"United States",
              "infection":{
                "family":"ZeroAccess",
                "description":"This trojan is typically used for bitcoin mining and click fraud.",
                "references":[
                  "https://web.archive.org/web/20170826074506/https://www.symantec.com/security_response/writeup.jsp?docid=2011-071314-0410-99",
                  "https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Win32%2FSirefef"
                ],
                "data_exfiltration":true,
                "unauthorized_access":true,
                "implies_other_infections":true,
                "resource_abuse":true,
                "target_platforms":[
                  "Win32"
                ],
                "aliases":[
                  "Sirefef"
                ]
              },
              "remediations":[ ],
              "sample_timestamp":"2021-09-17T19:29:14Z",
              "vulnerabilities":[ ],
              "count":76,
              "dest_port":16470,
              "detection_method":"p2p",
              "rollup_end_date":"2021-09-17",
              "rollup_start_date":"2021-09-17",
              "sinkhole_ip":"52.214.166.221",
              "sinkhole_ip_masked":"XXX.214.166.221",
              "src_port":53076
            },
            "evidence_key":"63.208.139.45",
            "first_seen":"2021-09-17T15:26:07Z",
            "last_seen":"2021-09-17T19:29:14Z",
            "risk_category":"Compromised Systems",
            "risk_vector":"botnet_infections",
            "risk_vector_label":"Botnet Infections",
            "rolledup_observation_id":"9xrS_LRulk0UOwb3RTs62w==",
            "severity":10.0,
            "severity_category":"severe",
            "tags":[
              "Corporate Network"
            ],
            "remediation_history":{
              "last_requested_refresh_date":null,
              "last_refresh_status_date":null,
              "last_refresh_status_label":null,
              "last_refresh_reason_code":null
            },
            "asset_overrides":[ ],
            "duration":"1 day",
            "comments":null,
            "attributed_companies":[ ],
            "pinned":null,
            "pinned_by_user":null
          }
        ],
      "risk_category":"Compromised Systems",
      "risk_vector":"botnet_infections",
      "risk_vector_label":"Botnet Infections",
      "rolledup_observation_id":"9xrS_LRulk0UOwb3RTs62w==",
      "severity":10.0,
      "severity_category":"severe",
      "tags":[
        "Corporate Network"
      ],
      "remediation_history":{
        […]
      },
      "asset_overrides":[ ],
      "duration":"1 day",
      "comments":null,
      "remaining_decay":2
    }
  ]
}

Response Attributes

Field Description 
links
Object		 Navigation for multiple pages of results. See pagination.
  
next
String		 The URL to navigate to the next page of results. 
previous
String		 The URL to navigate to the previous page of results. 
count
Integer		 The number of findings. 
results
Array		 Findings and their details.
  Object A finding.
  
temporary_id
String		 A temporary identifier for this finding. 
pcap_id
String		 The packet capture (PCAP or libpcap) ID. 
affects_rating
Boolean		 true = This finding impacts the risk vector letter grade. 
assets
Array		 Asset (IP address or domain) details.
  Object An asset.
  
asset
String		 The asset associated with this finding. 
identifier
Null		 For internal Bitsight use. 
category
String		 The Bitsight-calculated asset importance. 
importance
Decimal		 The Bitsight-calculated asset importance. 
is_ip
Boolean		 true = This asset is an IP address. 
details
Object		 Finding details.
  
check_pass
String		 For internal Bitsight use. 
geo_ip_location
String		 This finding’s country of origin in a 2-letter ISO country code format. 
country
String		 This finding’s country of origin. 
infection
Object		 Infection details.
  
family
String		 This infection’s malware family. 
description
String		 An overview of this infection. 
references
Array		 Information source URLs. 
data_exfiltration
Boolean		 true = This infection allows any unauthorized transfers of sensitive information. 
unauthorized_access
Boolean		 true = This infection allows attackers to connect and then log in as a legitimate user. 
implies_other_infections
Boolean		 true = This infection could lead to other infections. 
resource_abuse
Boolean		 true = This infection is misusing assets. 
target_platforms
Array		 Platforms targeted by this infection. 
aliases
Array		 Alternative names for this infection. 
remediations
Array		 This is not applicable to Botnet Infection findings. 
sample_timestamp
String [YYYY-MM-DDTHH:MM:SSZ]		 The date and time when this finding was observed. 
vulnerabilities
Array		 Vulnerability details. 
count
Integer		 The number of observations for this finding. 
dest_port
Integer		 The destination port. 
detection_method
String		 The detection method for this finding. 
rollup_end_date
String [YYYY-MM-DD]		 The date when this finding was last observed. 
rollup_start_date
String [YYYY-MM-DD]		 The date when this finding was first observed. 
sinkhole_ip
String		 The full sinkhole IP address. 
sinkhole_ip_masked
String		 The masked sinkhole IP address. 
src_port
Integer		 The source port. 
evidence_key
String		 The asset (domain or IP address) that’s attributed to this finding. 
first_seen
String [YYYY-MM-DD]		 The date when this finding was first observed. 
last_seen
String [YYYY-MM-DD]		 The date when this finding was last observed. 
related_findings
Array		 Findings and their details.
  Object A finding.
  
temporary_id
String		 The temporary identifier for this finding. 
pcap_id
String		 The packet capture (PCAP or libpcap) identifier. 
affects_rating
Boolean		 true = This finding impacts the risk vector letter grade. 
assets
Array		 Asset (IP or domain) details.
  Object An asset.
  
asset
String		 The asset associated with this finding. 
identifier
Null		 For internal Bitsight use. 
category
String		 The Bitsight-calculated asset importance slug name. 
importance
Decimal		 The Bitsight-calculated asset importance. 
is_ip
Boolean		 true = This asset is an IP address. 
details
Object		 Finding details.
  
check_pass
String		 For internal Bitsight use. 
geo_ip_location
String		 This finding’s country of origin in a 2-letter ISO country code format. 
country
String		 This finding’s country of origin. 
infection
Object		 Infection details.
  
family
String		 This infection’s malware family. 
description
String		 An overview of this infection. 
references
String		 Infection information sources. 
data_exfiltration
Boolean		 true = This infection allows any unauthorized transfers of sensitive information. 
unauthorized_access
Boolean		 true = This infection allows attackers to connect and then log in as a legitimate user. 
implies_other_infections
Boolean		 true = This infection may lead to other infections. 
resource_abuse
Boolean		 true = This infection is misusing assets. 
target_platforms
Array		 Platforms targeted by this infection. 
aliases
Array		 Alternative names for this infection. 
remediations
Array		 This is not applicable to Botnet Infection findings. 
sample_timestamp
String [YYYY-MM-DDTHH:MM:SSZ]		 The date and time when this finding was observed. 
vulnerabilities
Array		 Vulnerability details. 
count
Integer		 The number of observations for this finding. 
dest_port
Integer		 The destination port. 
detection_method
String		 The detection method for this finding. 
rollup_end_date
String [YYYY-MM-DD]		 The date when this finding was last observed. 
rollup_start_date
String [YYYY-MM-DD]		 The date when this finding was first observed. 
sinkhole_ip
String		 The full sinkhole IP address. 
sinkhole_ip_masked
String		 The masked sinkhole IP address. 
src_port
Integer		 The source port. 
evidence_key
String		 The asset attributed to this finding. 
first_seen
String [YYYY-MM-DDTHH:MM:SSZ]		 The date and time when this finding was first observed. 
last_seen
String [YYYY-MM-DDTHH:MM:SSZ]		 The date and time when this finding was last observed. 
risk_category
String		 The risk category. 
risk_vector
String		 The risk vector slug name. 
risk_vector_label
String		 The risk vector display name. 
rolledup_observation_id
String		 The observation’s identifier. 
severity
Decimal		 This finding’s Bitsight severity. 
severity_category
String		 This finding’s Bitsight severity. 
tags
Array		 Infrastructure tags identifying the asset. 
remediation_history
Object		 If the expand=remediation_history parameter is set, this remediation history is included. This is not applicable to Botnet Infections.
  
last_requested_refresh_date
Null		 This is not applicable to Botnet Infections. 
last_refresh_status_date
Null		 This is not applicable to Botnet Infections. 
last_refresh_status_label
Null		 This is not applicable to Botnet Infections. 
last_refresh_reason_code
Null		 This is not applicable to Botnet Infections. 
asset_overrides
Array		 User-assigned asset importance. 
duration
String		 This finding’s duration. 
comments
String		 This finding’s comments. 
attributed_companies
Array		 Companies in the Ratings Tree that are attributed to this finding. 
pinned
Null		 For internal Bitsight use. 
pinned_by_user
Null		 For internal Bitsight use. 
risk_category
String		 The risk category. 
risk_vector
String		 The risk vector slug name. 
risk_vector_label
String		 The risk vector display name. 
rolledup_observation_id
String		 The observation’s identifier. 
severity
Decimal		 This finding’s Bitsight severity. 
severity_category
String		 This finding’s Bitsight severity. 
tags
Array		 Infrastructure tags identifying the asset. 
remediation_history
Object		 If the expand=remediation_history parameter is set, this remediation history is included. This is not applicable to Botnet Infections.
  
last_requested_refresh_date
Null		 This is not applicable to Botnet Infections. 
last_refresh_status_date
Null		 This is not applicable to Botnet Infections. 
last_refresh_status_label
Null		 This is not applicable to Botnet Infections. 
last_refresh_reason_code
Null		 This is not applicable to Botnet Infections. 
asset_overrides
Array		 User-assigned asset importance. 
duration
String		 This finding’s duration. 
comments
String		 This finding’s comments. 
remaining_decay
Integer		 This finding’s remaining lifetime.

Related articles