Command and control (C2)
Definition
The channel through which an attacker sends instructions to malware on a compromised host and receives data back. C2 channels range from direct TCP connections to domain-generation algorithm (DGA) traffic, DNS tunnelling, and traffic over legitimate platforms. Network logs recording C2 traffic are primary evidence in most malware investigations.
Related terms
- Credential stuffing
- An automated attack that replays username-password pairs from previous data breaches against new target services, exploiting the widespread reuse of passwords across...
- Double extortion
- A ransomware tactic in which the attacker exfiltrates data before encrypting it, then demands payment both for the decryption key and for...
- Dropper
- A malware component whose sole function is to deliver and install a secondary payload. The dropper itself may be a trojan, a...
- FATF Virtual Asset guidance
- Guidance from the Financial Action Task Force requiring member states to regulate virtual asset service providers (cryptocurrency exchanges) as financial institutions, applying...
- Image-based sexual abuse (IBSA)
- The non-consensual creation, capture, or distribution of intimate sexual images. The term encompasses non-consensual intimate image sharing (formerly called revenge porn), upskirt...
- Payload
- The action the malware performs once active: data encryption (ransomware), credential theft (banking trojan), resource hijacking (cryptominer), or system destruction (wiper). The...
- Persistence mechanism
- The technique malware uses to survive a reboot or user logout. Common methods include registry run keys, scheduled tasks, Windows services, cron...
- Propagation mechanism
- The method by which malware copies itself to new hosts. Viruses attach to host files; worms exploit network services autonomously; trojans rely...
- Rootkit
- Malware designed to hide its own presence by subverting the operating system's reporting functions. User-mode rootkits hook API calls; kernel-mode rootkits modify...
- Synthetic identity fraud
- The creation of a fictitious identity by combining real and fabricated personal data elements, such as a genuine national ID number paired...
Explained in these topics
- Malware Taxonomy: Viruses, Trojans, Ransomware and More: The channel through which an attacker sends instructions to malware on a compromised host and receives data back. C2 channels range from direct TCP connections...
- Ransomware, Identity Theft and Online Exploitation: Infrastructure used by threat actors to issue instructions to compromised systems and receive exfiltrated data. In ransomware operations, C2 channels are typic...