Mitigating communication and control attempts
Abstract
The profiling and fingerprinting of communication and control (C&C) infrastructure is disclosed herein. An initial C&C profile is transmitted to a first network monitoring system. The initial C&C profile includes at least one of: (1) a domain corresponding to a C&C channel, and (2) a C&C pattern corresponding to a C&C channel. At least in part in response to information received from a second network monitoring system, the initial C&C profile is revised. An updated C&C profile is transmitted to the first network monitoring system.
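The feedback loop the abstract describes, as an added example; it is not code from the patent or its assignee. The class names, the verdict strings, and the rule that a stored sample becomes malicious once one of its extracted domains is reported as C&C by another monitor are assumptions made for illustration.

```python
import copy
from dataclasses import dataclass

@dataclass
class Sample:
    name: str
    domains: set                  # every domain seen in static/dynamic analysis
    verdict: str = "benign"

class Monitor:
    profile = None
    def receive(self, profile):   # keep a private copy of the pushed profile
        self.profile = copy.deepcopy(profile)

class ProfileService:
    def __init__(self, subscribers):
        self.subscribers, self.samples = subscribers, []
        self.profile = {"version": 0, "domains": set()}
    def _publish(self):
        self.profile["version"] += 1
        for monitor in self.subscribers:
            monitor.receive(self.profile)
    def analyze(self, sample, cnc_domains):
        """Store a sample; cnc_domains are those analysis tied to a C&C channel."""
        self.samples.append(sample)
        if cnc_domains:
            sample.verdict = "malicious"
            self.profile["domains"] |= cnc_domains
            self._publish()
    def report(self, observed):
        """Feedback from another monitor: revise, re-score old samples, re-publish."""
        new = observed - self.profile["domains"]
        if not new:
            return []
        self.profile["domains"] |= new
        changed = [s for s in self.samples if s.verdict == "benign" and s.domains & new]
        for s in changed:
            s.verdict = "malicious"
        self._publish()
        return [s.name for s in changed]

def run_demo():                   # constructed data, reserved .example names
    mon_a = Monitor()
    svc = ProfileService([mon_a])
    svc.analyze(Sample("sample-1", {"c2.one.example"}), {"c2.one.example"})
    second = Sample("sample-2", {"cdn.two.example"})
    svc.analyze(second, set())    # nothing tied to C&C yet: stays benign
    changed = svc.report({"cdn.two.example"})   # seen by a second monitor
    return mon_a.profile, second.verdict, changed
```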
27 Claims
1. A system, comprising:
- a processor configured to:
  - transmit an initial communication and control profile to a first network monitoring system, wherein the initial communication and control profile includes at least one domain, extracted from a first application sample comprising at least one file during at least one of: a static analysis and a dynamic analysis of the first application sample, and corresponding to a communication and control channel;
  - at least in part in response to information received from a second network monitoring system that is different from the first network monitoring system, revise the initial communication and control profile and change a verdict associated with a second application sample that is different from the first application sample; and
  - transmit an updated communication and control profile to the first network monitoring system; and
- a memory coupled to the processor and configured to provide the processor with instructions.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. A method, comprising:
- transmitting an initial communication and control profile to a first network monitoring system, wherein the initial communication and control profile includes at least one domain, extracted from a first application sample comprising at least one file during at least one of: a static analysis and a dynamic analysis of the first application sample, and corresponding to a communication and control channel;
- at least in part in response to information received from a second network monitoring system that is different from the first network monitoring system, revising the initial communication and control profile and changing a verdict associated with a second application sample that is different from the first application sample; and
- transmitting an updated communication and control profile to the first network monitoring system.

Dependent claims: 15, 16, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27
17. A computer program product embodied in a non-transitory computer readable storage medium and comprising computer instructions for:
- transmitting an initial communication and control profile to a first network monitoring system, wherein the initial communication and control profile includes at least one domain, extracted from a first application sample comprising at least one file during at least one of: a static analysis and a dynamic analysis of the first application sample, and corresponding to a communication and control channel;
- at least in part in response to information received from a second network monitoring system that is different from the first network monitoring system, revising the initial communication and control profile and changing a verdict associated with a second application sample that is different from the first application sample; and
- transmitting an updated communication and control profile to the first network monitoring system.
Specification