(C&C: Command & Control, as in, remotely controlled malware)
Feasibility of this is unclear, but the desire is to detect:
Social media used as C2
Gmail, or similar common service, used as C2
How would network activity even be characterized as C2? Periodicity, unusualness, pattern-of-life time-of-day heuristics? Would any of this metadata analysis be better done with a Network Security Monitor?
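As an added illustration of the periodicity heuristic raised above (not code from the original page), the sketch below scores each source/destination pair by how regular its connection intervals are, using only flow metadata. The record layout, host names, `min_events` and the 0.9 threshold are assumptions chosen for the example, and the flows are constructed sample data.

```python
from collections import defaultdict
from statistics import median

def sample_flows():
    """Constructed flow records: (epoch_seconds, src_host, dst_service)."""
    flows = []
    # Host A: contacts a webmail service every ~300 s with small jitter.
    jitter = [0, 4, -3, 7, -5, 2, -6, 5, 1, -2, 3, -4]
    for i in range(48):
        flows.append((i * 300 + jitter[i % len(jitter)],
                      "10.0.0.5", "mail.example.com"))
    # Host B: human-like use of the same service, bursts and long idle gaps.
    t = 0
    for gap in [5, 12, 900, 3, 40, 2500, 8, 15, 7000, 20, 60, 1300, 4, 9, 3100]:
        t += gap
        flows.append((t, "10.0.0.9", "mail.example.com"))
    return flows

def beacon_scores(flows, min_events=10):
    """Return {(src, dst): score in [0, 1]}; 1.0 means perfectly regular."""
    times = defaultdict(list)
    for ts, src, dst in flows:
        times[(src, dst)].append(ts)
    scores = {}
    for pair, ts in times.items():
        if len(ts) < min_events:      # too few events to judge regularity
            continue
        ts.sort()
        deltas = [b - a for a, b in zip(ts, ts[1:])]
        med = median(deltas)
        if med <= 0:
            continue
        # Median absolute deviation: robust to a few missed or extra check-ins.
        mad = median([abs(d - med) for d in deltas])
        scores[pair] = max(0.0, 1.0 - mad / med)
    return scores

def flag_beacons(flows, threshold=0.9):
    """Pairs whose interval regularity meets the (assumed) threshold."""
    return sorted(p for p, s in beacon_scores(flows).items() if s >= threshold)

if __name__ == "__main__":
    for pair, score in sorted(beacon_scores(sample_flows()).items()):
        print(pair, round(score, 3))
    print("flagged:", flag_beacons(sample_flows()))
```

Legitimate clients that poll on a timer (mail sync, update checks) score high as well, so a regularity score only narrows the candidate set and needs to be combined with the other heuristics listed, such as unusualness and time-of-day baselines.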