Skip to content
Permalink
master
Switch branches/tags
Go to file
 
 
Cannot retrieve contributors at this time
22 lines (11 sloc) 807 Bytes

#Beacon Detection via Intra-Request Time Deltas

Purpose: Find regular HTTP beaconing behavior which may indicate malware C2

Data Required: HTTP proxy logs

Collection Considerations:

Analysis Techniques: Visualization (Bar graphs)

Description

Malware C2 often utilizes regular request intervals ("beacons") to maintain control with the attacker's infrastructure. By examining the intra-request times between requests to the same resource by the same source IP and visualizing the results, you can look for patterns of regular activity.

Other Notes

More Info