Command-and-Control (C2)

Command-and-control (C2) is the covert channel a compromised system uses to communicate with the attacker — receiving instructions and sending out data.

Once inside, malware or an attacker maintains contact with external infrastructure to control the compromised system.

This traffic often hides in normal-looking connections — which is why detecting it requires looking at where systems actually communicate, not just whether a known signature fires.

C2 traffic is a core detection target for network-level analysis.
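As an added illustration of destination-based analysis (not code from this page or from any product it mentions), the sketch below flags destinations that were absent during a baseline period, are contacted by very few internal hosts, and are contacted repeatedly. The flow records, hostnames and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed flow records: (window, source host, destination, port).
# "baseline" is the learning period, "current" is the period under review.
FLOWS = [
    ("baseline", "ws-01", "updates.vendor.example", 443),
    ("baseline", "ws-02", "updates.vendor.example", 443),
    ("baseline", "ws-01", "mail.corp.example", 443),
    ("baseline", "ws-03", "mail.corp.example", 443),
    ("current", "ws-01", "updates.vendor.example", 443),
    ("current", "ws-02", "mail.corp.example", 443),
    # New destination adopted by several hosts at once (e.g. a rolled-out service).
    ("current", "ws-01", "saas.example.com", 443),
    ("current", "ws-02", "saas.example.com", 443),
    ("current", "ws-03", "saas.example.com", 443),
    # New destination seen once from one host (ordinary browsing noise).
    ("current", "ws-01", "newsite.example.org", 443),
] + [
    # New destination, one host only, contacted repeatedly.
    ("current", "ws-03", "cdn-assets.example.net", 443)
] * 4


def rare_destinations(flows, max_hosts=1, min_connections=3):
    """Return new destinations used by few hosts and contacted repeatedly.

    max_hosts and min_connections are illustrative thresholds (assumptions),
    to be tuned against the environment's own traffic.
    """
    known = {dst for window, _, dst, _ in flows if window == "baseline"}
    hosts = defaultdict(set)   # destination -> internal hosts that contacted it
    counts = defaultdict(int)  # destination -> number of connections
    for window, src, dst, _port in flows:
        if window != "current" or dst in known:
            continue
        hosts[dst].add(src)
        counts[dst] += 1
    return [
        {"destination": d, "hosts": sorted(hosts[d]), "connections": counts[d]}
        for d in sorted(counts)
        if len(hosts[d]) <= max_hosts and counts[d] >= min_connections
    ]


if __name__ == "__main__":
    for finding in rare_destinations(FLOWS):
        print(finding)
```

A finding here is a lead for investigation, not a verdict: legitimate single-user services produce the same pattern, so results are reviewed alongside host and process context.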
