A Lustrum of Malware Network Communication: Evolution and Insights

I recently came across this white paper, which focuses on the dynamic analysis of network indicators for threat detection.

The paper is very easy to read, and I found some of the conclusions obtained from the research very surprising. The most revealing one is that the domains malware uses to connect to its C2 infrastructure are often already active months before researchers discover the malware or obtain a sample of it. This implies a detection gap between the time the malware is successfully deployed in the wild and the time it becomes available for dynamic analysis.

As a result, the paper proposes a closer look at passive DNS to improve detection and reduce the time between the first communication with the C2 and the discovery of the malware.
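The measurement behind that finding, and the passive DNS pivot it motivates, as an added example that is not code from the paper or from this post. It joins passive DNS first-seen dates against the date a sample first reached a sandbox to compute how long each C2 domain was resolving beforehand, then pivots on shared IPs to surface other domains on the same infrastructure. All domains, IPs, dates and sample IDs are constructed and hypothetical.

```python
from collections import defaultdict
from datetime import date
from statistics import median

# Constructed passive DNS records (hypothetical data, not taken from the paper):
# (domain, resolved_ip, first_seen, last_seen)
PASSIVE_DNS = [
    ("update-check.example", "198.51.100.10", date(2016, 1, 4), date(2016, 6, 30)),
    ("update-check.example", "203.0.113.7", date(2016, 4, 1), date(2016, 8, 1)),
    ("backup-sync.example", "203.0.113.7", date(2016, 2, 2), date(2016, 7, 7)),
    ("cdn-static.example", "198.51.100.11", date(2016, 3, 15), date(2016, 9, 1)),
    ("login-portal.example", "203.0.113.5", date(2016, 5, 20), date(2016, 5, 25)),
]

# Constructed sandbox results (hypothetical): (sample_id, first_submitted, domains contacted)
SANDBOX_RUNS = [
    ("sample-A", date(2016, 4, 10), ["update-check.example", "cdn-static.example"]),
    ("sample-B", date(2016, 5, 22), ["login-portal.example", "fresh-c2.example"]),
]


def domain_first_seen(records):
    """Earliest resolution date per domain across all passive DNS records."""
    first = {}
    for domain, _ip, first_seen, _last_seen in records:
        if domain not in first or first_seen < first[domain]:
            first[domain] = first_seen
    return first


def lead_times(records, runs):
    """Days each contacted domain was resolving before its sample reached the sandbox.

    Returns (sample_id, domain, lead_days). lead_days is None when passive DNS
    has never observed the domain, so no lead time can be measured for it.
    """
    first = domain_first_seen(records)
    out = []
    for sample_id, submitted, domains in runs:
        for domain in domains:
            lead = (submitted - first[domain]).days if domain in first else None
            out.append((sample_id, domain, lead))
    return out


def median_lead_days(records, runs):
    """Median lead time over all domains that passive DNS had seen."""
    leads = [lead for _s, _d, lead in lead_times(records, runs) if lead is not None]
    return median(leads) if leads else None


def related_domains(records, seed_domain):
    """Passive DNS pivot: other domains that resolved to an IP the seed domain used."""
    ip_to_domains = defaultdict(set)
    for domain, ip, _first, _last in records:
        ip_to_domains[ip].add(domain)
    seed_ips = {ip for domain, ip, _first, _last in records if domain == seed_domain}
    related = set()
    for ip in seed_ips:
        related |= ip_to_domains[ip]
    related.discard(seed_domain)
    return related


if __name__ == "__main__":
    for sample_id, domain, lead in lead_times(PASSIVE_DNS, SANDBOX_RUNS):
        status = "no passive DNS history" if lead is None else f"{lead} days before sample"
        print(f"{sample_id} -> {domain}: {status}")
    print("median lead:", median_lead_days(PASSIVE_DNS, SANDBOX_RUNS), "days")
    print("pivot from update-check.example:", related_domains(PASSIVE_DNS, "update-check.example"))
```

The lead time is the detection gap the paper describes: a positive value means the domain was already resolving while no sample existed to analyse, and the pivot is how a passive DNS feed turns one confirmed C2 domain into candidates that can be blocked or watched before their own samples ever surface.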

In the past, I wrote some articles around threat detection using passive DNS, if you want to understand this topic.



The white paper is the following,

