Explore a 26-minute SANS conference talk that investigates the intriguing afterlife of exposed malware command and control (C2) domains. Delve into research that builds upon David Bianco's 'Pyramid of Pain' framework to examine what happens to custom malware domains after their public exposure. Learn about the persistent value these domains hold for both attackers and defenders, discover whether threat actors abandon or repurpose them after exposure, and understand the importance of continued monitoring in Threat Intelligence Platforms (TIPs). Follow along as a Cyber Threat Intelligence (CTI) analyst shares insights gained from purchasing old domains, observing compromised machines' behavior, and analyzing competition for these forgotten digital assets. Gain valuable perspective on the overlooked world of burned C2 domains and their lasting significance in the cybersecurity landscape.
Syllabus
The Secret Life of Forgotten Malware C2
Taught by
SANS Digital Forensics and Incident Response