Explorator
7.8k: Active C2 servers fingerprinted
31.76k: Services identified in C2 tech stacks
170: Groups, APTs or threat actors mapped to C2s
4.2Bn: IP addresses scanned every week
Explorator: Command & Control Intelligence
Dendrite’s Command & Control (C2) intelligence engine, Explorator, performs active collection, characterization and analysis of C2 servers and of other infrastructure used by malware campaigns. A record is created for each server identified, stored in our databases and continuously enriched with hundreds of data points, each of which is automatically correlated against our proprietary and third-party data sources. Every discovered C2 is monitored continuously, producing time-series data that enables behavioural analysis over the life of the server.
What’s Inside:
- Dendrite’s proprietary record format and correlation process enable continued observation and grouping of C2s as they change to evade legacy tracking methods.
- C2 frameworks typically expose distinctive fingerprints: combinations of configuration details that match known malicious deployments but differ from legitimate servers. Because a single attribute is rarely conclusive on its own, Explorator’s identification framework draws on dozens of data points and produces detailed information on a C2’s software stack, including novel and custom configurations.
- Fingerprints and analogous configurations are pre-matched and automatically linked to groups and actors, their TTPs, and associated code or malware samples.
- All identified C2 servers are continuously monitored by the Explorator platform for changes in behaviour, active services and more.
- Once a record is created it is retained indefinitely, enabling forensic analysis of servers that were used and spun down after an attack concluded.
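As an added illustration (not Explorator’s code, and not a description of how Dendrite implements it), the Python below sketches the three ideas in the list above: a fingerprint computed over stable listener attributes so that a re-hosted server groups with its earlier observations, profile rules that require a combination of attributes rather than a single one, and per-host change detection across successive scans. The profile names, attribute names, indicator values and scan records are all constructed for the example; the IP addresses are documentation ranges and the frameworks are hypothetical.

```python
"""Toy C2 fingerprinting, re-identification and change tracking over scan records.

Added example for this page; it is not Dendrite's Explorator code. The profile
rules, attribute names and scan observations are all constructed for the
demonstration (documentation IP ranges, hypothetical frameworks, made-up values).
"""
import hashlib
from collections import defaultdict

# Attributes that describe the listener software rather than where it is hosted.
# IP and port are deliberately left out so that a server moved to new hosting
# keeps the same fingerprint and is grouped with its earlier observations.
STABLE_FIELDS = ("tls_subject", "tls_serial", "http_server", "probe_body_sha256")

EMPTY_BODY = hashlib.sha256(b"").hexdigest()                  # probe path returned nothing
HTML_BODY = hashlib.sha256(b"<html>404</html>").hexdigest()   # ordinary 404 page

# Constructed profile rules for hypothetical frameworks. A rule is a set of
# attribute=value pairs that must all match: a common Server header on its own
# is not an indicator, the header combined with an unusual probe response is.
PROFILES = {
    "hypothetical-framework-A (default listener certificate)": {
        "tls_subject": "CN=Default Listener,O=Example Framework",
        "tls_serial": "1234567890",
    },
    "hypothetical-framework-B (HTTP listener behind a stock Server header)": {
        "http_server": "Apache/2.4.41 (Ubuntu)",
        "probe_body_sha256": EMPTY_BODY,
    },
}

# Constructed scan records: ts is a scan sequence number, one record per scan of a host.
OBSERVATIONS = [
    {"ts": 1, "ip": "203.0.113.10", "port": 443, "tls_subject": "CN=Default Listener,O=Example Framework",
     "tls_serial": "1234567890", "http_server": "nginx", "probe_body_sha256": EMPTY_BODY},
    {"ts": 2, "ip": "203.0.113.10", "port": 443, "tls_subject": "CN=Default Listener,O=Example Framework",
     "tls_serial": "1234567890", "http_server": "nginx", "probe_body_sha256": EMPTY_BODY},
    # Same listener re-hosted on a new address and port.
    {"ts": 3, "ip": "198.51.100.7", "port": 8443, "tls_subject": "CN=Default Listener,O=Example Framework",
     "tls_serial": "1234567890", "http_server": "nginx", "probe_body_sha256": EMPTY_BODY},
    # Legitimate web server, later migrated from nginx to Apache.
    {"ts": 1, "ip": "192.0.2.55", "port": 443, "tls_subject": "CN=www.example.com,O=Example Corp",
     "tls_serial": "4242", "http_server": "nginx", "probe_body_sha256": HTML_BODY},
    {"ts": 2, "ip": "192.0.2.55", "port": 443, "tls_subject": "CN=www.example.com,O=Example Corp",
     "tls_serial": "4242", "http_server": "Apache/2.4.41 (Ubuntu)", "probe_body_sha256": HTML_BODY},
    # Plain-HTTP listener: stock Server header but an empty probe response.
    {"ts": 1, "ip": "203.0.113.77", "port": 80, "tls_subject": "", "tls_serial": "",
     "http_server": "Apache/2.4.41 (Ubuntu)", "probe_body_sha256": EMPTY_BODY},
]


def fingerprint(obs):
    """Stable identifier for the software stack, independent of IP and port."""
    canonical = "|".join(f"{k}={obs.get(k, '')}" for k in STABLE_FIELDS)
    return hashlib.sha256(canonical.encode()).hexdigest()[:16]


def match_profile(obs):
    """Name of the first profile whose rule fully matches, else None."""
    for name, rule in PROFILES.items():
        if all(obs.get(k) == v for k, v in rule.items()):
            return name
    return None


def group_by_fingerprint(observations):
    """Map fingerprint -> sorted (ip, port) pairs it has been seen on."""
    groups = defaultdict(set)
    for obs in observations:
        groups[fingerprint(obs)].add((obs["ip"], obs["port"]))
    return {fp: sorted(hosts) for fp, hosts in groups.items()}


def behavior_changes(observations):
    """(ip, ts, field, old, new) for each attribute that changed between
    consecutive scans of the same host; the basis for time-series alerting."""
    by_ip = defaultdict(list)
    for obs in observations:
        by_ip[obs["ip"]].append(obs)
    changes = []
    for ip, scans in by_ip.items():
        scans.sort(key=lambda o: o["ts"])
        for prev, cur in zip(scans, scans[1:]):
            for field in ("port",) + STABLE_FIELDS:
                if prev.get(field) != cur.get(field):
                    changes.append((ip, cur["ts"], field, prev.get(field), cur.get(field)))
    return changes


if __name__ == "__main__":
    for fp, hosts in group_by_fingerprint(OBSERVATIONS).items():
        sample = next(o for o in OBSERVATIONS if fingerprint(o) == fp)
        print(fp, match_profile(sample) or "no profile match", hosts)
    for change in behavior_changes(OBSERVATIONS):
        print("change:", change)
```

Two design points worth noting. The legitimate host at 192.0.2.55 carries the same Server header as profile B after its migration, but its probe response differs, so it does not match; that is the difference between a fingerprint and a single attribute. And because the fingerprint excludes hosting details, the listener that moved from 203.0.113.10:443 to 198.51.100.7:8443 lands in one group, while the migrated legitimate host shows up as a change event rather than a new server.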
Part of the Complete Data Platform
Each of our core capabilities is implemented as a fully independent extract, transform and load (ETL) pipeline, enabling Dendrite to ingest and correlate data across technically disparate resources and infrastructure. All records built by Explorator are enriched with dozens of additional data points, linking Command & Control server details to threat actors, criminal groups, dark web services, users, communication hubs, leaked credentials and more.
So many things in development
Our pursuit of perfection in enterprise defense means no stone is left unturned, however fringe the case or however difficult the path to development may be.
With dozens of POCs and MVPs in the works, our researchers and development teams work to continuously deliver bleeding-edge capabilities to the Dendrite Unfed Platform and its data sources.
Get in touch
Interested in learning more, scheduling a demo or speaking with our team? Get in contact with us - we'd love to hear from you.