Palo Alto Networks

command and control

From The Hunter Diaries - Detecting C2 Servers

Command and Control servers, AKA C2 servers, are servers operated by threat actors and are used for maintaining communications with compromised systems within a target network. With the recent rise in double extortion ransomware campaigns, attackers are also sending exfiltrated data to C2 servers.

Needless to say, one of our most important tasks of a threat hunter is to identify potential C2 servers which are communicated to from within a corpor...

May 20, 2021

By Oded Awaskar

Palo Alto Networks

Products and Services

Partners

Security Platform

What Are Unknown Cyber Threats? (And Are They Really Unknown?)

Most traditional security products are built to act based on known threats. The moment they see something that is known to be malicious, they block it. To get past security product...

Dec 01, 2016

By Karin Shopen

Security Platform

Setting Expectations for Prevention Readiness: The Prevention-Posture Asses...

Our commitment to making prevention a core component of architecture is real. As such, we created a standard assessment methodology to help set expectations about prevention and cr...

Nov 15, 2016

By Tim Treat and Nate Bitting

Malware, Threat Prevention, Unit 42

New Wekby Attacks Use DNS Requests As Command and Control Mechanism

We have observed an attack led by the APT group Wekby targeting a US-based organization in recent weeks. Wekby is a group that has been active for a n...

May 24, 2016

By Josh Grunzweig, Mike Scott and Bryan Lee

Threat Advisory/Analysis, Threat Prevention, Unit 42

Attacks on East Asia using Google Code for Command and Control

Recently, FireEye published a blog titled “Operation Poisoned Hurricane” which detailed the use of PlugX malware variants signed with legitimate certi...

Aug 15, 2014

By Jen Miller-Osborn and Rob Downs

Load more blogs