class P2PCnC(Signature):
name = "p2p_cnc"
description = "Communication to multiple IPs on high port numbers possibly indicative of a peer-to-peer (P2P) or non-standard command and control protocol"
severity = 2
categories = ["p2p", "cnc"]
authors = ["Kevin Ross"]
minimum = "2.0"
filter_analysistypes = set(["file"])
servers = []
The servers variable is class level. Once I see a report with the P2P description added, all following job reports have it as well, until I restart Cuckoo.
The code in question is here:
The servers variable is class level. Once I see a report with the P2P description added, all following job reports have it as well, until I restart Cuckoo.