AMA Answers From the Threat Research Trenches

DISCARDED: Tales From the Threat Research Trenches

How Do You Associate Scanning C2 Infrastructure With Different Groups?

Gregles: In the targeted threat space, sometimes you'll find that every C2 server is attributable to a single cluster of activity. Laying the data with SSL certificate issuers and hosting providers can be a really good start for bucketing those things into smaller data sets. But even then, there are often enough outliers that you just have to monitor for sightings of those IPs or those domains in different data sets.
