Malware Hunter is a specialized Shodan crawler that explores the Internet looking for command & control (C2) servers for botnets. It does this by pretending to be an infected client that is reporting back to a C2. Since we don't know where the C2s are located, the crawler effectively reports back to every IP on the Internet as if the target IP were a C2. If the crawler gets a positive response from the IP, then we know that it's a C2.

Why did my security software raise an alert?

Malware Hunter doesn't perform any attacks, and the requests it sends don't contain any malicious content. The reason your security product raised an alert is that it is using a signature that should only be applied to traffic leaving the network (egress) but is incorrectly being applied to incoming traffic (ingress). In other words: the security product is using a signature that was meant to detect when a computer on your network was infected and reporting back to a C2.
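The direction mistake described above, shown as an added example (this is not code from the Shodan page or from Malware Hunter): a minimal direction-aware signature matcher. The home-network ranges, the `BOT-CHECKIN` beacon marker and the two sample flows are all constructed for illustration; a real IDS keys on real malware traffic. The point it demonstrates is that a C2 check-in signature with no direction constraint fires on an inbound probe that merely imitates an infected client, while the same signature restricted to egress only fires when a host inside the network is the one doing the reporting.

```python
# Added example, not part of the original page: why a C2 check-in
# signature must be restricted to egress traffic.
import ipaddress
from dataclasses import dataclass

# Constructed "home" ranges; an IDS would take these from its $HOME_NET config.
HOME_NET = [ipaddress.ip_network("10.0.0.0/8"),
            ipaddress.ip_network("192.168.0.0/16")]


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    payload: bytes


@dataclass(frozen=True)
class Signature:
    name: str
    content: bytes
    direction: str  # "egress", "ingress" or "any"


def is_home(ip: str) -> bool:
    """True if the address falls inside one of the home-network ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in HOME_NET)


def flow_direction(flow: Flow) -> str:
    """Classify a flow relative to the home network."""
    src_home, dst_home = is_home(flow.src), is_home(flow.dst)
    if src_home and not dst_home:
        return "egress"
    if dst_home and not src_home:
        return "ingress"
    return "internal" if src_home and dst_home else "external"


def matches(sig: Signature, flow: Flow) -> bool:
    """A signature fires only if its content is present AND the flow
    direction agrees with the direction the signature was written for."""
    if sig.content not in flow.payload:
        return False
    return sig.direction == "any" or sig.direction == flow_direction(flow)


# Hypothetical beacon marker (constructed); stands in for whatever bytes a
# real check-in signature looks for.
CHECKIN = b"BOT-CHECKIN"

# The same content, with and without a direction constraint.
MISAPPLIED = Signature("c2-checkin-any", CHECKIN, "any")
CORRECTED = Signature("c2-checkin-egress", CHECKIN, "egress")

# Constructed flows (203.0.113.0/24 and 198.51.100.0/24 are documentation
# ranges, not real hosts).
INFECTED_HOST = Flow("10.1.2.3", "203.0.113.7", CHECKIN + b" id=42")   # real infection
CRAWLER_PROBE = Flow("198.51.100.9", "10.1.2.3", CHECKIN + b" id=probe")  # inbound imitation


def alerts_for(sig: Signature, flows) -> list:
    """Return the names of the flows a signature would alert on."""
    return [f for f in flows if matches(sig, f)]


if __name__ == "__main__":
    for sig in (MISAPPLIED, CORRECTED):
        hits = alerts_for(sig, [INFECTED_HOST, CRAWLER_PROBE])
        print(sig.name, "->", [f"{f.src}->{f.dst}" for f in hits])
```

Run as a script it shows the misapplied signature alerting on both flows while the corrected one alerts only on the egress flow from the internal host; the fix is the direction constraint, not a change to the content match.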