The peer-to-peer(P2P) protocol provides a decentralized command and control technique. A decentralized network allows botnet clients to relay commands to other bots and removes the need of a master server.

Botnet masters stand to lose access to thousands or millions of infected computers if their control servers are shut down, so they’re looking into decentralized P2P communications, where botnet clients can relay commands to one another, as a resilience technique along with other methods like the use of domain name generation algorithms (DGAs), he said.

Another benefit for attackers is that malicious P2P traffic is hard to detect and block at the network level by using traditional approaches that rely on lists of known IP addresses and hosts associated with C&C servers.

Malware/Threat actors

Name	Type	Years	Source
Stuxnet	malware	2008	R41524.pdf w32_stuxnet_dossier.pdf stuxnet_0_5_the_missing_link.pdf
Lazarus Group	threat actor	2011-2014	Operation-Blockbuster-Report.pdf Operation-Blockbuster-RAT-and-Staging-Report.pdf Operation-Blockbuster-Loaders-Installers-and-Uninstallers-Report.pdf Operation-Blockbuster-Destructive-Malware-Report.pdf
Regin	malware	2008-2013	regin-analysis.pdf Kaspersky_Lab_whitepaper_Regin_platform_eng.pdf ICIT-Brief-Know-Your-Enemies-2.0.pdf stamp.jsp?tp=&arnumber=7460498&tag=1
PlugX	malware	2014	GlobalThreatIntelReport.pdf plugx-goes-to-the-registry-and-india.pdf ASERT%20Threat%20Intelligence%20Brief%202015-05%20PlugX%20Threat%20Activity%20in%20Myanmar.pdf P2P_PlugX_Analysis.pdf
SHADOWS IN THE CLOUD	threat actor	2004-2010	shadows-in-the-cloud.pdf
Duqu Trojan	malware	2010	Duqu_Trojan_Questions_and_Answers.pdf The_Mystery_of_Duqu_2_0_a_sophisticated_cyberespionage_actor_returns.pdf stamp.jsp?tp=&arnumber=7460498&tag=1
Epic Turla	threat actor	< Known years active >	The_Epic_Turla_Operation.pdf KL_Epic_Turla_Technical_Appendix_20140806.pdf ICIT-Brief-Know-Your-Enemies-2.0.pdf Turla_2_Penquin.pdf

Preventions

<Mitigation techniques>

Detections

<Detection techniques>

Toolkit

<Toolkit instructions, if applicable>

Similar techniques

• IRC
• ICMP
• DNS
• Webshell
• Remote Admin Tools
• Listening Service
• HTTP

References

• Malware increasingly uses peer-to-peer communications, researchers say