{"id":31108,"date":"2023-11-01T11:28:59","date_gmt":"2023-11-01T11:28:59","guid":{"rendered":"https:\/\/kalilinuxtutorials.com\/?p=31108"},"modified":"2023-11-01T11:29:03","modified_gmt":"2023-11-01T11:29:03","slug":"c2-tracker","status":"publish","type":"post","link":"https:\/\/kalilinuxtutorials.com\/c2-tracker\/","title":{"rendered":"C2 Tracker &#8211; Tracking C2, Malware, and Botnets"},"content":{"rendered":"\n<p>Free to use IOC feed for various tools\/malware. It started out for just C2 tools but has morphed into tracking infostealers and botnets as well. <\/p>\n\n\n\n<p>It uses&nbsp;<a href=\"https:\/\/www.shodan.io\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Shodan<\/a>&nbsp;searches to collect the IPs. The most recent collection is always stored in&nbsp;<code>data<\/code>; the IPs are broken down by tool and there is an&nbsp;<code>all.txt<\/code>.<\/p>\n\n\n\n<p>The feed should update daily.&nbsp;<em>Actively working on making the backend more reliable<\/em><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"user-content-honorable-mentions\"><strong><a href=\"https:\/\/github.com\/montysecurity\/C2-Tracker#honorable-mentions\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Honorable Mentions<\/a><\/strong><\/h2>\n\n\n\n<p>Many of the Shodan queries have been sourced from other CTI researchers:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/twitter.com\/BushidoToken\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">BushidoToken<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/twitter.com\/MichalKoczwara\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Michael Koczwara<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/twitter.com\/ViriBack\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">ViriBack<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/twitter.com\/Gi7w0rm\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Gi7W0rm<\/a><\/li>\n<\/ul>\n\n\n\n<p>Huge shoutout to them!<\/p>\n\n\n\n<p>Thanks to&nbsp;<a href=\"https:\/\/twitter.com\/BertJanCyber\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">BertJanCyber<\/a>&nbsp;for creating the&nbsp;<a href=\"https:\/\/github.com\/Bert-JanP\/Hunting-Queries-Detection-Rules\/blob\/main\/Threat%20Hunting\/TI%20Feed%20-%20MontySecurity%20C2%20Tracker%20All%20IPs.md\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">KQL query<\/a>&nbsp;for ingesting this feed<\/p>\n\n\n\n<p>And finally, thanks to&nbsp;<a href=\"https:\/\/twitter.com\/Y_NeXRo\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Y_nexro<\/a>&nbsp;for creating&nbsp;<a href=\"https:\/\/github.com\/YoNixNeXRo\/C2Live\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">C2Live<\/a>&nbsp;in order to visualize the data<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"user-content-what-do-i-track\"><strong><a href=\"https:\/\/github.com\/montysecurity\/C2-Tracker#what-do-i-track\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">What Do I Track?<\/a><\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>C2&#8217;s\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.cobaltstrike.com\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Cobalt Strike<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.metasploit.com\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Metasploit Framework<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/cobbr\/Covenant\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Covenant<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/its-a-feature\/Mythic\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Mythic<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/bruteratel.com\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Brute Ratel C4<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/nettitude\/PoshC2\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Posh<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/BishopFox\/sliver\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Sliver<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/DeimosC2\/DeimosC2\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Deimos<\/a><\/li>\n\n\n\n<li>PANDA<\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/chvancooten\/NimPlant\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">NimPlant C2<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/HavocFramework\/Havoc\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Havoc C2<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/caldera.mitre.org\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Caldera<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/EmpireProject\/Empire\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Empire<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/sweetsoftware\/Ares\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Ares<\/a><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Malware\n<ul class=\"wp-block-list\">\n<li>AcidRain Stealer<\/li>\n\n\n\n<li>Misha Stealer (AKA Grand Misha)<\/li>\n\n\n\n<li>Patriot Stealer<\/li>\n\n\n\n<li>RAXNET Bitcoin Stealer<\/li>\n\n\n\n<li>Titan Stealer<\/li>\n\n\n\n<li>Collector Stealer<\/li>\n\n\n\n<li><a href=\"https:\/\/twitter.com\/_montysecurity\/status\/1643164749599834112\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Mystic Stealer<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/twitter.com\/FalconFeedsio\/status\/1705765083429863720\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Gotham Stealer<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/twitter.com\/g0njxa\/status\/1717563999984717991?t=rcVyVA2zwgJtHN5jz4wy7A&amp;s=19\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Meduza Stealer<\/a><\/li>\n\n\n\n<li>Quasar RAT<\/li>\n\n\n\n<li>ShadowPad<\/li>\n\n\n\n<li>AsyncRAT<\/li>\n\n\n\n<li>DcRat<\/li>\n\n\n\n<li>BitRAT<\/li>\n\n\n\n<li>DarkComet Trojan<\/li>\n\n\n\n<li>XtremeRAT Trojan<\/li>\n\n\n\n<li>NanoCore RAT Trojan<\/li>\n\n\n\n<li>Gh0st RAT Trojan<\/li>\n\n\n\n<li>DarkTrack RAT Trojan<\/li>\n\n\n\n<li>njRAT Trojan<\/li>\n\n\n\n<li>Remcos Pro RAT Trojan<\/li>\n\n\n\n<li>Poison Ivy Trojan<\/li>\n\n\n\n<li>Orcus RAT Trojan<\/li>\n\n\n\n<li>ZeroAccess Trojan<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Tools\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/portswigger.net\/burp\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">BurpSuite<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/xmrig.com\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">XMRig Monero Cryptominer<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/getgophish.com\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">GoPhish<\/a><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Botnets\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/gi7w0rm.medium.com\/the-curious-case-of-the-7777-botnet-86e3464c3ffd\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">7777 Botnet<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"user-content-running-locally\"><a href=\"https:\/\/github.com\/montysecurity\/C2-Tracker#running-locally\" target=\"_blank\" rel=\"noreferrer noopener nofollow\"><strong>Running Locally<\/strong><\/a><\/h2>\n\n\n\n<p>If you want to host a private version, put your Shodan API key in an environment variable called&nbsp;<code>SHODAN_API_KEY<\/code><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo SHODAN_API_KEY=API_KEY &gt;&gt; ~\/.bashrc\nbash\npython3 -m pip install -r requirements.txt\npython3 tracker.py<\/code><\/pre>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Free to use IOC feed for various tools\/malware. It started out for just C2 tools but has morphed into tracking infostealers and botnets as well. It uses&nbsp;Shodan&nbsp;searches to collect the IPs. The most recent collection is always stored in&nbsp;data; the IPs are broken down by tool and there is an&nbsp;all.txt. The feed should update daily.&nbsp;Actively [&hellip;]<\/p>\n","protected":false},"author":12,"featured_media":31115,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgUO_0aS3doKJgngFqqWASubLd70I7__PfWfeQH0xbYf_auCDFRWoOeA4a1lVw8CJd6QOah1zlXJVFnjPQtM27GPSXwwXtEe6rIHu_aK0_y1mYDPZekafvpGpfj110vieaqb37YES6HHK0mquB_SSVTn9XmVXxItDnkqfhvicbAFxMrs0kd8TC0cekSPw\/s16000\/C2%20Tracker.png","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[20],"tags":[6397,737,6321,6052,6325],"class_list":["post-31108","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-security","tag-c2-tracker","tag-cybersecurity","tag-informationsecurity","tag-kalilinux","tag-kalilinuxtools"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>C2 Tracker - Tracking C2, Malware, and Botnets<\/title>\n<meta name=\"description\" content=\"Free to use IOC feed for various tools\/malware. It started out for just C2 tools but has morphed into tracking infostealers and botnets as\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/kalilinuxtutorials.com\/c2-tracker\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"C2 Tracker - Tracking C2, Malware, and Botnets\" \/>\n<meta property=\"og:description\" content=\"Free to use IOC feed for various tools\/malware. It started out for just C2 tools but has morphed into tracking infostealers and botnets as\" \/>\n<meta property=\"og:url\" content=\"https:\/\/kalilinuxtutorials.com\/c2-tracker\/\" \/>\n<meta property=\"og:site_name\" content=\"Kali Linux Tutorials\" \/>\n<meta property=\"article:published_time\" content=\"2023-11-01T11:28:59+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-11-01T11:29:03+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgUO_0aS3doKJgngFqqWASubLd70I7__PfWfeQH0xbYf_auCDFRWoOeA4a1lVw8CJd6QOah1zlXJVFnjPQtM27GPSXwwXtEe6rIHu_aK0_y1mYDPZekafvpGpfj110vieaqb37YES6HHK0mquB_SSVTn9XmVXxItDnkqfhvicbAFxMrs0kd8TC0cekSPw\/s16000\/C2%20Tracker.png\" \/>\n<meta name=\"author\" content=\"Varshini\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgUO_0aS3doKJgngFqqWASubLd70I7__PfWfeQH0xbYf_auCDFRWoOeA4a1lVw8CJd6QOah1zlXJVFnjPQtM27GPSXwwXtEe6rIHu_aK0_y1mYDPZekafvpGpfj110vieaqb37YES6HHK0mquB_SSVTn9XmVXxItDnkqfhvicbAFxMrs0kd8TC0cekSPw\/s16000\/C2%20Tracker.png\" \/>\n<meta name=\"twitter:creator\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:site\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Varshini\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/c2-tracker\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/c2-tracker\/\"},\"author\":{\"name\":\"Varshini\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/3c3b3f82a74146532c4def299fe069fa\"},\"headline\":\"C2 Tracker &#8211; Tracking C2, Malware, and Botnets\",\"datePublished\":\"2023-11-01T11:28:59+00:00\",\"dateModified\":\"2023-11-01T11:29:03+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/c2-tracker\/\"},\"wordCount\":252,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/c2-tracker\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgUO_0aS3doKJgngFqqWASubLd70I7__PfWfeQH0xbYf_auCDFRWoOeA4a1lVw8CJd6QOah1zlXJVFnjPQtM27GPSXwwXtEe6rIHu_aK0_y1mYDPZekafvpGpfj110vieaqb37YES6HHK0mquB_SSVTn9XmVXxItDnkqfhvicbAFxMrs0kd8TC0cekSPw\/s16000\/C2%20Tracker.png\",\"keywords\":[\"C2 Tracker\",\"cybersecurity\",\"informationsecurity\",\"kalilinux\",\"kalilinuxtools\"],\"articleSection\":[\"Cyber security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/c2-tracker\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/c2-tracker\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/c2-tracker\/\",\"name\":\"C2 Tracker - Tracking C2, Malware, and Botnets\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/c2-tracker\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/c2-tracker\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgUO_0aS3doKJgngFqqWASubLd70I7__PfWfeQH0xbYf_auCDFRWoOeA4a1lVw8CJd6QOah1zlXJVFnjPQtM27GPSXwwXtEe6rIHu_aK0_y1mYDPZekafvpGpfj110vieaqb37YES6HHK0mquB_SSVTn9XmVXxItDnkqfhvicbAFxMrs0kd8TC0cekSPw\/s16000\/C2%20Tracker.png\",\"datePublished\":\"2023-11-01T11:28:59+00:00\",\"dateModified\":\"2023-11-01T11:29:03+00:00\",\"description\":\"Free to use IOC feed for various tools\/malware. It started out for just C2 tools but has morphed into tracking infostealers and botnets as\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/c2-tracker\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/c2-tracker\/#primaryimage\",\"url\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgUO_0aS3doKJgngFqqWASubLd70I7__PfWfeQH0xbYf_auCDFRWoOeA4a1lVw8CJd6QOah1zlXJVFnjPQtM27GPSXwwXtEe6rIHu_aK0_y1mYDPZekafvpGpfj110vieaqb37YES6HHK0mquB_SSVTn9XmVXxItDnkqfhvicbAFxMrs0kd8TC0cekSPw\/s16000\/C2%20Tracker.png\",\"contentUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgUO_0aS3doKJgngFqqWASubLd70I7__PfWfeQH0xbYf_auCDFRWoOeA4a1lVw8CJd6QOah1zlXJVFnjPQtM27GPSXwwXtEe6rIHu_aK0_y1mYDPZekafvpGpfj110vieaqb37YES6HHK0mquB_SSVTn9XmVXxItDnkqfhvicbAFxMrs0kd8TC0cekSPw\/s16000\/C2%20Tracker.png\",\"width\":\"728\",\"height\":\"380\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"name\":\"Kali Linux Tutorials\",\"description\":\"Kali Linux Tutorials\",\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\",\"name\":\"Kali Linux Tutorials\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"contentUrl\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"width\":272,\"height\":90,\"caption\":\"Kali Linux Tutorials\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/CyberEdition\",\"https:\/\/www.threads.com\/@cybersecurityedition\",\"https:\/\/www.linkedin.com\/company\/cyberedition\",\"https:\/\/www.instagram.com\/cybersecurityedition\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/3c3b3f82a74146532c4def299fe069fa\",\"name\":\"Varshini\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/f19f43637c0f83fb3dcfb498f306b2a9ac0025ce85840ab52ee8c01f5361f269?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/f19f43637c0f83fb3dcfb498f306b2a9ac0025ce85840ab52ee8c01f5361f269?s=96&d=mm&r=g\",\"caption\":\"Varshini\"},\"description\":\"Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.\",\"sameAs\":[\"http:\/\/kalilinuxtutorials.com\",\"https:\/\/www.linkedin.com\/in\/senthamil-selvan-14043a285\/\"],\"url\":\"https:\/\/kalilinuxtutorials.com\/author\/vinayakagrawal\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"C2 Tracker - Tracking C2, Malware, and Botnets","description":"Free to use IOC feed for various tools\/malware. It started out for just C2 tools but has morphed into tracking infostealers and botnets as","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/kalilinuxtutorials.com\/c2-tracker\/","og_locale":"en_US","og_type":"article","og_title":"C2 Tracker - Tracking C2, Malware, and Botnets","og_description":"Free to use IOC feed for various tools\/malware. It started out for just C2 tools but has morphed into tracking infostealers and botnets as","og_url":"https:\/\/kalilinuxtutorials.com\/c2-tracker\/","og_site_name":"Kali Linux Tutorials","article_published_time":"2023-11-01T11:28:59+00:00","article_modified_time":"2023-11-01T11:29:03+00:00","og_image":[{"url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgUO_0aS3doKJgngFqqWASubLd70I7__PfWfeQH0xbYf_auCDFRWoOeA4a1lVw8CJd6QOah1zlXJVFnjPQtM27GPSXwwXtEe6rIHu_aK0_y1mYDPZekafvpGpfj110vieaqb37YES6HHK0mquB_SSVTn9XmVXxItDnkqfhvicbAFxMrs0kd8TC0cekSPw\/s16000\/C2%20Tracker.png","type":"","width":"","height":""}],"author":"Varshini","twitter_card":"summary_large_image","twitter_image":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgUO_0aS3doKJgngFqqWASubLd70I7__PfWfeQH0xbYf_auCDFRWoOeA4a1lVw8CJd6QOah1zlXJVFnjPQtM27GPSXwwXtEe6rIHu_aK0_y1mYDPZekafvpGpfj110vieaqb37YES6HHK0mquB_SSVTn9XmVXxItDnkqfhvicbAFxMrs0kd8TC0cekSPw\/s16000\/C2%20Tracker.png","twitter_creator":"@CyberEdition","twitter_site":"@CyberEdition","twitter_misc":{"Written by":"Varshini","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/kalilinuxtutorials.com\/c2-tracker\/#article","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/c2-tracker\/"},"author":{"name":"Varshini","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/3c3b3f82a74146532c4def299fe069fa"},"headline":"C2 Tracker &#8211; Tracking C2, Malware, and Botnets","datePublished":"2023-11-01T11:28:59+00:00","dateModified":"2023-11-01T11:29:03+00:00","mainEntityOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/c2-tracker\/"},"wordCount":252,"commentCount":0,"publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/c2-tracker\/#primaryimage"},"thumbnailUrl":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgUO_0aS3doKJgngFqqWASubLd70I7__PfWfeQH0xbYf_auCDFRWoOeA4a1lVw8CJd6QOah1zlXJVFnjPQtM27GPSXwwXtEe6rIHu_aK0_y1mYDPZekafvpGpfj110vieaqb37YES6HHK0mquB_SSVTn9XmVXxItDnkqfhvicbAFxMrs0kd8TC0cekSPw\/s16000\/C2%20Tracker.png","keywords":["C2 Tracker","cybersecurity","informationsecurity","kalilinux","kalilinuxtools"],"articleSection":["Cyber security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/kalilinuxtutorials.com\/c2-tracker\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/kalilinuxtutorials.com\/c2-tracker\/","url":"https:\/\/kalilinuxtutorials.com\/c2-tracker\/","name":"C2 Tracker - Tracking C2, Malware, and Botnets","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/c2-tracker\/#primaryimage"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/c2-tracker\/#primaryimage"},"thumbnailUrl":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgUO_0aS3doKJgngFqqWASubLd70I7__PfWfeQH0xbYf_auCDFRWoOeA4a1lVw8CJd6QOah1zlXJVFnjPQtM27GPSXwwXtEe6rIHu_aK0_y1mYDPZekafvpGpfj110vieaqb37YES6HHK0mquB_SSVTn9XmVXxItDnkqfhvicbAFxMrs0kd8TC0cekSPw\/s16000\/C2%20Tracker.png","datePublished":"2023-11-01T11:28:59+00:00","dateModified":"2023-11-01T11:29:03+00:00","description":"Free to use IOC feed for various tools\/malware. It started out for just C2 tools but has morphed into tracking infostealers and botnets as","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/kalilinuxtutorials.com\/c2-tracker\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/c2-tracker\/#primaryimage","url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgUO_0aS3doKJgngFqqWASubLd70I7__PfWfeQH0xbYf_auCDFRWoOeA4a1lVw8CJd6QOah1zlXJVFnjPQtM27GPSXwwXtEe6rIHu_aK0_y1mYDPZekafvpGpfj110vieaqb37YES6HHK0mquB_SSVTn9XmVXxItDnkqfhvicbAFxMrs0kd8TC0cekSPw\/s16000\/C2%20Tracker.png","contentUrl":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgUO_0aS3doKJgngFqqWASubLd70I7__PfWfeQH0xbYf_auCDFRWoOeA4a1lVw8CJd6QOah1zlXJVFnjPQtM27GPSXwwXtEe6rIHu_aK0_y1mYDPZekafvpGpfj110vieaqb37YES6HHK0mquB_SSVTn9XmVXxItDnkqfhvicbAFxMrs0kd8TC0cekSPw\/s16000\/C2%20Tracker.png","width":"728","height":"380"},{"@type":"WebSite","@id":"https:\/\/kalilinuxtutorials.com\/#website","url":"https:\/\/kalilinuxtutorials.com\/","name":"Kali Linux Tutorials","description":"Kali Linux Tutorials","publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/kalilinuxtutorials.com\/#organization","name":"Kali Linux Tutorials","url":"https:\/\/kalilinuxtutorials.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/","url":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","contentUrl":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","width":272,"height":90,"caption":"Kali Linux Tutorials"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/CyberEdition","https:\/\/www.threads.com\/@cybersecurityedition","https:\/\/www.linkedin.com\/company\/cyberedition","https:\/\/www.instagram.com\/cybersecurityedition\/"]},{"@type":"Person","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/3c3b3f82a74146532c4def299fe069fa","name":"Varshini","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/f19f43637c0f83fb3dcfb498f306b2a9ac0025ce85840ab52ee8c01f5361f269?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f19f43637c0f83fb3dcfb498f306b2a9ac0025ce85840ab52ee8c01f5361f269?s=96&d=mm&r=g","caption":"Varshini"},"description":"Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.","sameAs":["http:\/\/kalilinuxtutorials.com","https:\/\/www.linkedin.com\/in\/senthamil-selvan-14043a285\/"],"url":"https:\/\/kalilinuxtutorials.com\/author\/vinayakagrawal\/"}]}},"jetpack_featured_media_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgUO_0aS3doKJgngFqqWASubLd70I7__PfWfeQH0xbYf_auCDFRWoOeA4a1lVw8CJd6QOah1zlXJVFnjPQtM27GPSXwwXtEe6rIHu_aK0_y1mYDPZekafvpGpfj110vieaqb37YES6HHK0mquB_SSVTn9XmVXxItDnkqfhvicbAFxMrs0kd8TC0cekSPw\/s16000\/C2%20Tracker.png","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":1779,"url":"https:\/\/kalilinuxtutorials.com\/sipi-simple-ip-information-tools\/","url_meta":{"origin":31108,"position":0},"title":"SIPI &#8211; Simple IP Information Tools for Reputation Data Analysis","author":"R K","date":"June 28, 2018","format":false,"excerpt":"SIPI tool is aimed for Incident Response Team and anyone what's want to know the behaviour of the \"suspicious\" IP Address. The tools do search looking for reputation info from a set of open threat intelligence sources. Information about this IP like malware activity, malicious activity, blacklist, spam and botnet\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2018\/04\/button_download.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":37071,"url":"https:\/\/kalilinuxtutorials.com\/c2intelfeeds\/","url_meta":{"origin":31108,"position":1},"title":"C2IntelFeeds: Real-Time C2 Infrastructure Tracking for Threat Intelligence","author":"0xSnow","date":"March 14, 2025","format":false,"excerpt":"What is C2IntelFeeds? C2IntelFeeds is an open-source intelligence project that provides real-time Command and Control (C2) infrastructure data. Using data from Censys and custom detection signatures, it identifies and tracks malicious C2 servers, domains, and IP addresses that threat actors use for cyberattacks. By leveraging these feeds, security teams can\u2026","rel":"","context":"In &quot;Cyber security&quot;","block_context":{"text":"Cyber security","link":"https:\/\/kalilinuxtutorials.com\/category\/cyber-security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/03\/C2IntelFeeds-.webp?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/03\/C2IntelFeeds-.webp?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/03\/C2IntelFeeds-.webp?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/03\/C2IntelFeeds-.webp?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/03\/C2IntelFeeds-.webp?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/03\/C2IntelFeeds-.webp?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":3590,"url":"https:\/\/kalilinuxtutorials.com\/imaginaryc2-network-analysis-malware\/","url_meta":{"origin":31108,"position":2},"title":"ImaginaryC2:Python Tool Help In Network Behavioral Analysis Of Malware","author":"R K","date":"January 18, 2019","format":false,"excerpt":"ImaginaryC2 is a python tool which aims to help in the behavioral (network) analysis of malware. It hosts a HTTP server which captures HTTP requests towards selectively chosen domains\/IPs. Additionally, the tool aims to make it easy to replay captured Command-and-Control responses\/served payloads. By using this tool, an analyst can\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2019\/01\/Imaginary-C2-1-1024x721.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2019\/01\/Imaginary-C2-1-1024x721.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2019\/01\/Imaginary-C2-1-1024x721.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2019\/01\/Imaginary-C2-1-1024x721.png?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":35897,"url":"https:\/\/kalilinuxtutorials.com\/stonekeeper-c2\/","url_meta":{"origin":31108,"position":3},"title":"StoneKeeper C2 : A Research-Oriented Command-And-Control Framework For EDR Evasion","author":"Varshini","date":"January 30, 2025","format":false,"excerpt":"The StoneKeeper C2 is an experimental command-and-control (C2) framework designed for research purposes, focusing on modern Windows malware tactics and Endpoint Detection and Response (EDR) evasion techniques. It serves as a learning tool for cybersecurity professionals and researchers interested in understanding malware development and C2 frameworks. Key Features And Functions\u2026","rel":"","context":"In &quot;Cyber security&quot;","block_context":{"text":"Cyber security","link":"https:\/\/kalilinuxtutorials.com\/category\/cyber-security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/01\/StoneKeeper-C2.webp?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/01\/StoneKeeper-C2.webp?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/01\/StoneKeeper-C2.webp?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/01\/StoneKeeper-C2.webp?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/01\/StoneKeeper-C2.webp?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/01\/StoneKeeper-C2.webp?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":22101,"url":"https:\/\/kalilinuxtutorials.com\/shonydanza-2\/","url_meta":{"origin":31108,"position":4},"title":"ShonyDanza : A Customizable Tool For Researching, Pen Testing, And Defending With The Power Of Shodan","author":"R K","date":"February 25, 2022","format":false,"excerpt":"ShonyDanza is a customizable, easy-to-navigate tool for researching, pen testing, and defending with the power of Shodan. With ShonyDanza, you can: Obtain IPs based on search criteriaAutomatically exclude honeypots from the results based on your pre-configured thresholdsPre-configure all IP searches to filter on your specified net range(s)Pre-configure search limitsUse build-a-search\u2026","rel":"","context":"In \"Customizable Tool\"","block_context":{"text":"Customizable Tool","link":"https:\/\/kalilinuxtutorials.com\/tag\/customizable-tool\/"},"img":{"alt_text":"","src":"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEiTOM8Ljl0IDy5-1XVk2Y-UNUq25pSw0ddISsZjUdOyzgF_2KIgCzrUcHYESmqf6pV9Pg9DERH0TclRp_u8tbjxsVgy2M1cAndaE9bDt7Zo_B4sT5shA2xitbslvip58rth3YEQnJVZs6vh9RG8sRubjgsmPLLXodNmIEn5OGRlxe7ZOvEg0yq6YLUY=s728","width":350,"height":200,"srcset":"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEiTOM8Ljl0IDy5-1XVk2Y-UNUq25pSw0ddISsZjUdOyzgF_2KIgCzrUcHYESmqf6pV9Pg9DERH0TclRp_u8tbjxsVgy2M1cAndaE9bDt7Zo_B4sT5shA2xitbslvip58rth3YEQnJVZs6vh9RG8sRubjgsmPLLXodNmIEn5OGRlxe7ZOvEg0yq6YLUY=s728 1x, https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEiTOM8Ljl0IDy5-1XVk2Y-UNUq25pSw0ddISsZjUdOyzgF_2KIgCzrUcHYESmqf6pV9Pg9DERH0TclRp_u8tbjxsVgy2M1cAndaE9bDt7Zo_B4sT5shA2xitbslvip58rth3YEQnJVZs6vh9RG8sRubjgsmPLLXodNmIEn5OGRlxe7ZOvEg0yq6YLUY=s728 1.5x, https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEiTOM8Ljl0IDy5-1XVk2Y-UNUq25pSw0ddISsZjUdOyzgF_2KIgCzrUcHYESmqf6pV9Pg9DERH0TclRp_u8tbjxsVgy2M1cAndaE9bDt7Zo_B4sT5shA2xitbslvip58rth3YEQnJVZs6vh9RG8sRubjgsmPLLXodNmIEn5OGRlxe7ZOvEg0yq6YLUY=s728 2x"},"classes":[]},{"id":20337,"url":"https:\/\/kalilinuxtutorials.com\/melting-cobalt\/","url_meta":{"origin":31108,"position":5},"title":"Melting-Cobalt : A Cobalt Strike Scanner That Retrieves Detected Team Server Beacons Into A JSON Object","author":"R K","date":"November 22, 2021","format":false,"excerpt":"Melting-Cobalt tool to hunt\/mine for Cobalt Strike beacons and \"reduce\" their beacon configuration for later indexing. Hunts can either be expansive and internet wide using services like Security Trails, Shodan, or ZoomEye or a list of IP's. Getting started Install\u00a0melting-cobaltConfigure\u00a0your tokens to begin the huntMine\u00a0Beacons to begin reducing themReview results\u00a0cat\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEjI4-Nh28PKbTHKisOfTcH2O54MFmj-HDmoFI_CXG1LWe-udv2bFrRvUCN_fS1vevEmyrmU1EF3qxM1QIlvhc8BTZkM34wyXZ3FshgMpUuu59BPgJ4b3XcMmgHM-42_qj-qBt6tnDjvttJrhPavXa0f5b3tkRBvGdvqkFDaPffoD2d6EXDuHCkcIEdN=s728","width":350,"height":200,"srcset":"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEjI4-Nh28PKbTHKisOfTcH2O54MFmj-HDmoFI_CXG1LWe-udv2bFrRvUCN_fS1vevEmyrmU1EF3qxM1QIlvhc8BTZkM34wyXZ3FshgMpUuu59BPgJ4b3XcMmgHM-42_qj-qBt6tnDjvttJrhPavXa0f5b3tkRBvGdvqkFDaPffoD2d6EXDuHCkcIEdN=s728 1x, https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEjI4-Nh28PKbTHKisOfTcH2O54MFmj-HDmoFI_CXG1LWe-udv2bFrRvUCN_fS1vevEmyrmU1EF3qxM1QIlvhc8BTZkM34wyXZ3FshgMpUuu59BPgJ4b3XcMmgHM-42_qj-qBt6tnDjvttJrhPavXa0f5b3tkRBvGdvqkFDaPffoD2d6EXDuHCkcIEdN=s728 1.5x, https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEjI4-Nh28PKbTHKisOfTcH2O54MFmj-HDmoFI_CXG1LWe-udv2bFrRvUCN_fS1vevEmyrmU1EF3qxM1QIlvhc8BTZkM34wyXZ3FshgMpUuu59BPgJ4b3XcMmgHM-42_qj-qBt6tnDjvttJrhPavXa0f5b3tkRBvGdvqkFDaPffoD2d6EXDuHCkcIEdN=s728 2x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/31108","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/comments?post=31108"}],"version-history":[{"count":4,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/31108\/revisions"}],"predecessor-version":[{"id":31114,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/31108\/revisions\/31114"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media\/31115"}],"wp:attachment":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media?parent=31108"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/categories?post=31108"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/tags?post=31108"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}