high
threat
China-Nexus Campaign Using Google Calendar as C2
2 rules, 4 TTPs
A China-nexus threat actor is using Google Calendar as command and control (C2) infrastructure to conduct stealthy operations.
China-nexus actor
google-calendar
c2
china-nexus
medium
advisory
Iranian Botnet Operation Exposed via Open Directory
1 rule, 1 TTP, 1 IOC
An Iranian botnet operation using a 15-node relay network and active C2 infrastructure was exposed through an open directory.
botnet
iran
C2
high
threat
MuddyWater PowGoop Beacon Decoding Detection
2 rules, 4 TTPs
This detection identifies a DLL decoding and executing the PowGoop config.txt payload, a stage in the MuddyWater infection chain where an obfuscated PowerShell beacon is unwrapped and live C2 communication begins.
Splunk Enterprise +3
MuddyWater
powgoop
dll-sideloading
powershell
c2
beacon