Created October 11, 2023 18:55
C2 stats
- Examined 138 malware family pcaps overall that include some form of C2 communication
- 13/138 malware families only send HTTP Request Headers in their initial C2 comm, no Request Body
- 125/138 malware families send some data in their HTTP Request Body
- In the GitHub project (https://github.com/silence-is-best/c2db), we only maintain HTTP Request captures, but had captures for 8 Responses
  - (which is too small a subset to really draw any conclusion regarding the Response sizes; did some stats on that anyway)

Content-Lengths:
- Minimum HTTP Request Body: 3 bytes
- Maximum HTTP Request Body with exfil: 1.2 MB
- Maximum HTTP Request Body with no exfil: 214 KB
- Average HTTP Request Body with exfil: 43 KB
- Average HTTP Request Body with no exfil: 9 KB
- Biggest HTTP Response Body: 605 KB
- Average HTTP Response Body: 71 KB
- Minimum HTTP Response Body: 41 bytes
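The way these numbers are derived, as an added example (not part of this gist or the c2db project): split each captured request into headers and body, count header-only requests separately, and compute min/max/average body size for the exfil and no-exfil groups. The exfil flag is an analyst's judgement supplied alongside each capture; the sample captures below are constructed, and a truncated capture falls back to the declared Content-Length.

```python
from statistics import mean

def split_request(raw: bytes) -> tuple[dict, bytes]:
    """Split a raw HTTP request into a lower-cased header map and its body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode()] = value.strip().decode(errors="replace")
    return headers, body

def body_size(raw: bytes) -> int:
    """Observed body length, or the declared Content-Length if the capture
    is shorter than what the header announces (truncated pcap)."""
    headers, body = split_request(raw)
    declared = int(headers.get("content-length") or 0)
    return max(len(body), declared)

def summarise(captures: dict[str, tuple[bytes, bool]]) -> dict:
    """captures: family -> (raw request, analyst flagged as exfil).
    Returns counts plus min/max/avg body sizes split by the exfil flag."""
    sizes = {name: body_size(raw) for name, (raw, _) in captures.items()}
    header_only = [n for n, s in sizes.items() if s == 0]
    with_body = [n for n, s in sizes.items() if s > 0]

    def stats(names):
        vals = [sizes[n] for n in names]
        return {"min": min(vals), "max": max(vals), "avg": mean(vals)} if vals else None

    return {
        "total": len(captures),
        "header_only": len(header_only),
        "with_body": len(with_body),
        "exfil": stats([n for n in with_body if captures[n][1]]),
        "no_exfil": stats([n for n in with_body if not captures[n][1]]),
    }

# Constructed sample captures, not real malware traffic (hypothetical family names).
SAMPLE = {
    "fam_a": (b"GET /gate.php HTTP/1.1\r\nHost: example.invalid\r\n\r\n", False),
    "fam_b": (b"POST /upload HTTP/1.1\r\nHost: example.invalid\r\n"
              b"Content-Length: 1000\r\n\r\n" + b"A" * 1000, True),
    "fam_c": (b"POST /ping HTTP/1.1\r\nHost: example.invalid\r\n"
              b"Content-Length: 3\r\n\r\nabc", False),
    "fam_d": (b"POST /check HTTP/1.1\r\nHost: example.invalid\r\n"
              b"Content-Length: 64\r\n\r\n" + b"x" * 61, False),  # truncated body
}

if __name__ == "__main__":
    print(summarise(SAMPLE))
```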