Explorator
Notice: Patent Pending
Certain technical details, processes, methods, and innovations described or illustrated on this page have been intentionally omitted or redacted to protect confidential trade secrets and patentable subject matter.
One or more patent applications have been filed (or are in preparation) with respect to the technologies and inventions referenced herein. These inventions are currently Patent Pending in the United States and/or other jurisdictions.
4.5k C2 servers fingerprinted
15.75k Services identified in C2 tech stacks
170 Groups, APTs or threat actors mapped to C2s
12x Per day, Explorator scans the entire internet for C2s
Explorator: Command & Control Intelligence
Dendrite’s Command & Control (C2) intelligence engine (“Explorator”) performs active collection, characterization and analysis of C2 servers and other infrastructure operating in connection with malware campaigns. A record is created for each server identified, which is then updated within our databases, continuously enriched with high-fidelity metadata, and correlated to our proprietary and third-party data sources.
What’s Inside:
- Records of active C2 servers, each featuring many dozens of data points granting insight into their operations and services. Dendrite’s proprietary record format and correlation process enables continued observation and grouping of C2s as they morph to avoid legacy tracking methods.
- All C2 frameworks produce distinctive fingerprints that match known malicious configurations but differ from legitimate servers. Explorator's identification framework produces detailed information on the C2 software stack, including novel and custom configurations, featuring dozens of data points for identification.
- Pre-matched fingerprints and analogous configurations, automatically linked to groups and actors, their TTPs, and code or malware samples.
- Once a record is created, it exists within our database forever, enabling forensic analysis of servers which might have been used and spun down after the conclusion of an attack.
Part of the Complete Data Platform
Each of our core capabilities is represented by a fully independent extract, transform and load (ETL) pipeline, enabling Dendrite to ingest and correlate data between technically disparate resources and infrastructure. All records built by Explorator are enriched with many dozens of additional data points, linking Command & Control server details to threat actors, criminal groups, dark web services, users, communication hubs, leaked credentials and more.
So many things in development
Our pursuit of perfection in enterprise defense mandates that no stone is left unturned, no matter how fringe the case or how difficult the path to development may be.
With dozens of POCs and MVPs in the works, our researchers and development teams work to continuously deliver bleeding-edge capabilities to the Dendrite Unfed Platform and data sources.
Get in touch
Interested in learning more, scheduling a demo or speaking with our team? Get in contact with us - we'd love to hear from you.