IRC
Using Internet Relay Chat (IRC) as a C2 channel.
Malware/Threat actors
Name | Type | Years | Source |
---|---|---|---|
Charming Kitten | threat actor | 2014 | GlobalThreatIntelReport.pdf, Charming_Kitten_2017.pdf |
Whois Hacking Team | threat actor | 2009-2013 | dissecting-operation-troy.pdf, HPSR%20SecurityBriefing_Episode16_NorthKorea.pdf |
CARBANAK | threat actor | 2017 | paper_the-shadows-of-ghosts-carbanak-report.pdf, stamp.jsp?tp=&arnumber=7460498&tag=1 |
Aurora Botnet | malware | 2009 | Aurora_Botnet_Command_Structure.pdf |
DorkBot | malware | 2014 | FTA_1014_Bots_Machines_and_the_Matrix.pdf |
Preventions
Detections
- Monitor network logs for internal hosts connecting to external hosts via the default IRC port
- Monitor hosts making external DNS requests for IRC servers like `chat.freenode.net`.
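Both detections above, applied to sample logs, as an added example that is not part of the original page. The log layouts and addresses are constructed, ports 6667 and 6697 are assumed as the conventional IRC ports, and internal hosts are assumed to sit in RFC 1918 space.

```python
import ipaddress
from collections import defaultdict

# Assumptions (not from the page): 6667 is the conventional plaintext IRC port,
# 6697 the conventional IRC-over-TLS port; internal hosts use RFC 1918 space.
IRC_PORTS = {6667, 6697}
IRC_DOMAINS = {"chat.freenode.net"}  # the page's example; extend per environment
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed flow log: timestamp src_ip dst_ip dst_port
FLOW_LOG = """\
2024-01-10T09:00:01Z 10.0.4.17 203.0.113.50 6667
2024-01-10T09:00:05Z 10.0.4.22 198.51.100.9 443
2024-01-10T09:01:12Z 10.0.4.30 10.0.9.5 6667
2024-01-10T09:02:40Z 192.168.1.8 203.0.113.77 6697
"""
# Constructed DNS log: timestamp client_ip query_name
DNS_LOG = """\
2024-01-10T08:59:58Z 10.0.4.17 Chat.Freenode.NET.
2024-01-10T09:00:03Z 10.0.4.22 www.example.com
2024-01-10T09:03:00Z 10.0.4.41 irc.chat.freenode.net
"""

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def is_irc_name(qname):
    # Normalise case and the trailing root dot; match the domain and subdomains.
    name = qname.rstrip(".").lower()
    return any(name == d or name.endswith("." + d) for d in IRC_DOMAINS)

def detect(flow_log=FLOW_LOG, dns_log=DNS_LOG):
    """Return {internal_host: sorted reasons} for hosts matching either check."""
    hits = defaultdict(set)
    for line in flow_log.splitlines():
        _ts, src, dst, dport = line.split()
        if is_internal(src) and not is_internal(dst) and int(dport) in IRC_PORTS:
            hits[src].add(f"irc-port:{dst}:{dport}")
    for line in dns_log.splitlines():
        _ts, client, qname = line.split()
        if is_internal(client) and is_irc_name(qname):
            hits[client].add("irc-dns:" + qname.rstrip(".").lower())
    return {host: sorted(reasons) for host, reasons in hits.items()}

def both_signals(results):
    """Hosts that resolved an IRC name and also connected out on an IRC port."""
    return sorted(h for h, r in results.items()
                  if {x.split(":")[0] for x in r} == {"irc-dns", "irc-port"})
```

Calling `detect()` returns the per-host findings; `both_signals()` narrows them to hosts where the DNS and port indicators coincide, which is the stronger lead for triage.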
Toolkit
Similar techniques
References