receive data

edit on GitHub
search on VirusTotal

rule:
  meta:
    name: receive data
    namespace: communication
    authors:
      - william.ballenthin@mandiant.com
    description: all known techniques for receiving data from a potential C2 server
    scopes:
      static: function
      dynamic: thread
    mbc:
      - Command and Control::C2 Communication::Receive Data [B0030.002]
    examples:
      - BFB9B5391A13D0AFD787E87AB90F14F5:0x13145D60
  features:
    - or:
      - match: receive data on socket
      - match: read data from Internet
      - match: download URL

last edited: 2023-11-24 10:35:00