Recorded Future’s Insikt Group® conducted a study of malicious command and control (C2) infrastructure identified using proactive scanning methods throughout 2020. All data was sourced from the Recorded Future® Platform. Data in this report is as of November 15, 2020.
Executive Summary
Recorded Future tracks the creation and modification of new malicious infrastructure for a multitude of post-exploitation toolkits, custom malware frameworks, and open-source remote access trojans. The effort has been ongoing since 2017, when Insikt Group created methodologies to identify the deployments of open-source remote access trojans (RATs). Recorded Future collected over 10,000 unique command and control servers during 2020, across more than 80 families.
