Monday 06 July 2026 17:04:06 GMT+02:00

Netcrook

HomeManifesto
News
Techcrook
Geocrook
WikicrookTeamAppContact
EnglishItalianoArabic

WIKICROOK

C2

Command-and-control, the channel malware uses to receive instructions and send data back to operators.

C2, short for command-and-control, is the communication path malware uses to receive instructions from operators and send back stolen data or status updates. It can be a single server, a rotating set of domains, or a peer-to-peer mesh where infected hosts relay traffic for each other. Attackers rely on C2 to task malware, update payloads, and maintain access after the initial compromise.

For defenders, C2 is important because it often leaves network patterns that can be hunted: regular beaconing, rare outbound destinations, unusual DNS activity, or connections to infrastructure that should not exist in the environment. Blocking or disrupting C2 can stop an attack even when the malware is already on the host. Security teams often combine network telemetry, proxy logs, and endpoint detection to spot and contain C2 traffic before the operator can move deeper.

← WIKICROOK index