Detailed C&C Callback Information

Provides specific information about detected C&C callback events from the network.

Table 1. Detailed C&C Callback Information Data View

| Data | Description |
|---|---|
| Received | Displays the time that Control Manager receives data from the managed product. |
| Generated | Displays the time that the managed product generates data. |
| Compromised Host | IP address, host name, or email address that attempted a callback |
| Callback Address | The object from/to which a compromised host attempted a callback |
| C&C List Source | The source of the list containing C&C addresses: Global Intelligence (Trend Micro Global Intelligence network, including Smart Protection Network); Analyzers (Virtual Analyzer and Network Content Inspection Engine) in managed products; User-defined C&C list configured in Control Manager and in the managed product, such as Deep Discovery Inspector |
| Network Groups | Monitored network groups as defined by the administrators of managed products, such as Deep Discovery Inspector |
| C&C Risk Level | High: Known malicious or involved in high-severity connections; Medium: IP address/domain/URL is unknown to reputation service; Low: Reputation service indicates previous compromise or spam involvement |
| C&C Server Location | Region and country where the C&C server is located |
| First Monitored | Date and time the callback address was first detected by Trend Micro |
| Last Activity | Date and time the callback address was last contacted by a compromised host |
| Malware Families | Malware names associated with the callback address |
| Product | Displays the name of the managed product. Example: OfficeScan, ScanMail for Microsoft Exchange |
| Product Entity | Displays the entity display name for a managed product. Control Manager identifies managed products using the managed product's entity display name. |