Command and Control Mechanism Trends in Exploit Kits, RATs, APTs, and Other Malware
January 2016 • Presentation
In this FloCon 2016 presentation, the author provides a brief summary of common C2 TTPs observed during 2015.
Abstract
Command and control (C2) mechanisms in malware continue to evolve at a
rapid pace and show no sign of slowing down. Communications TTPs favored
by malicious actors just months ago may be abandoned in favor of
updated, more evasive approaches at the drop of a hat and with little to
no advance warning. This presentation provides a brief summary of
common C2 TTPs observed during 2015, noting any differences and
similarities along the way, and offers insight into anticipated
trends for 2016. Malware families covered include exploit kits
(Angler), RATs (PlugX), selected APTs, and malware crafted to
exploit zero-day vulnerabilities (CVE-2015-5119).