The Malicious C2 Data Feed is a list of domains used by malware command and control (C2) servers. Most embedded malware requires instructions from a C2 server before it can perform harmful acts such as exfiltrating data or encrypting data for ransom, and almost every advanced malware family must resolve its C2 domain through DNS before it can communicate. Blocking that DNS lookup stops the malware in its tracks; the rare exception is malware that reaches its C2 server by a hard-coded IP address and never issues a lookup.
Our partner's cyber analysts create the Malicious C2 Data Feed by reverse-engineering malware and, in particular, extracting the domain-generation algorithms (DGAs) embedded in the malware code. Reimplementing the DGA lets the analysts generate the hundreds of candidate domains a bot will try, including those that threat actors have registered and bound to C2 servers. The malware samples are collected through the same global sinkhole network used to identify the malware infections reported in the Infection Records Data Feed.
Dynamic Threat Defense - LookingGlass Dynamic Threat Defense (DTD) is a cyber security solution that uses the Cyveillance Malicious C2 Data Feed to mitigate threats automatically through LookingGlass DNS Defender. DTD protects your organization against threats such as embedded malware, viruses and trojans without manual intervention. In addition, DTD logs each attempt by malware to resolve a C2 domain, identifying the infected machine behind the lookup and enabling fast remediation.
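To make the mechanism concrete, the following is an added example and not LookingGlass or Cyveillance code: a toy date-seeded DGA stands in for one recovered by reverse engineering, its output for a given day plays the role of the feed, and a resolver query log is filtered against that feed so that lookups of feed domains (and of any name under them) are blocked while the querying client is recorded for remediation. The DGA, the feed contents, the log line format and the client addresses are all constructed for the demonstration.

```python
"""DNS-based C2 blocking, illustrated end to end (added example; the DGA,
feed, log format and hosts are all constructed, not vendor data)."""
from __future__ import annotations

import hashlib
from datetime import date


def toy_dga(seed_day: date, count: int = 5, tld: str = "com") -> list[str]:
    """Hypothetical date-seeded domain-generation algorithm.

    Real DGAs differ per malware family; what matters is that once an analyst
    recovers the algorithm and its seed from a sample, the domains a bot will
    try on a given day can be pre-computed and turned into a blocklist.
    """
    domains = []
    for i in range(count):
        digest = hashlib.sha256(f"{seed_day.isoformat()}:{i}".encode()).hexdigest()
        domains.append(f"{digest[:12]}.{tld}")  # first 12 hex chars as the label
    return domains


def build_feed(days: list[date]) -> set[str]:
    """Pre-compute the DGA output for several days; this set is the 'feed'."""
    feed: set[str] = set()
    for day in days:
        feed.update(toy_dga(day))
    return feed


def is_blocked(qname: str, feed: set[str]) -> bool:
    """True if the queried name, or any parent domain it sits under, is in the
    feed, so 'update.c2.example' is caught when 'c2.example' is listed.
    Case and a trailing dot are normalised away first."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):  # never match a bare TLD
        if ".".join(labels[i:]) in feed:
            return True
    return False


def filter_dns_log(lines: list[str], feed: set[str]) -> tuple[list[str], dict[str, list[str]]]:
    """Apply the feed to resolver query log lines of the constructed form
    '<timestamp> <client-ip> <qname> <qtype>'.

    Returns (allowed_lines, blocked) where blocked maps each client IP to the
    C2 names it tried to resolve: the list of machines to remediate.
    """
    allowed: list[str] = []
    blocked: dict[str, list[str]] = {}
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed line; skip rather than crash the filter
        _timestamp, client, qname, _qtype = parts[:4]
        if is_blocked(qname, feed):
            blocked.setdefault(client, []).append(qname)
        else:
            allowed.append(line)
    return allowed, blocked


# Constructed sample data: one seed day, and a log in which one client
# resolves a DGA domain twice (once directly, once via a subdomain).
SEED_DAY = date(2024, 3, 1)
FEED = build_feed([SEED_DAY])
C2_NAME = toy_dga(SEED_DAY)[0]

SAMPLE_LOG = [
    "2024-03-01T09:00:01Z 10.0.0.5 www.example.com A",
    f"2024-03-01T09:00:02Z 10.0.0.17 {C2_NAME} A",
    f"2024-03-01T09:00:03Z 10.0.0.17 update.{C2_NAME} A",
    "2024-03-01T09:00:04Z 10.0.0.5 mail.example.com MX",
]


def demo() -> tuple[list[str], dict[str, list[str]]]:
    """Run the sample log through the feed; returns (allowed, blocked)."""
    return filter_dns_log(SAMPLE_LOG, FEED)


if __name__ == "__main__":
    allowed, blocked = demo()
    print("allowed:", len(allowed), "queries")
    for client, names in blocked.items():
        print(f"remediate {client}: tried {names}")
```

The parent-domain walk in `is_blocked` is the detail that matters in practice: C2 domains in a feed are registrable names, while the bots often query hostnames beneath them, so an exact-match lookup would miss the infection that a suffix match catches.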