Detailed C&C Callback Information

Provides specific information about C&C callback events detected on your network

Table 1. Detailed C&C Callback Information Data View




The date and time Apex Central received the data from the managed product


The date and time the managed product generated the data

Compromised Host

The IP address, host name, or email address that attempted a callback

Callback Address

The object from/to which a compromised host attempted a callback

C&C List Source

The C&C list source that identified the C&C server

  • C&C IP List

  • Global Intelligence List

  • User-defined IP List

  • Virtual Analyzer List

Network Groups

The monitored network groups as defined by the administrators of managed products, such as Deep Discovery Inspector

C&C Risk Level

The risk level Trend Micro assigns to the event:

  • High: Known malicious or involved in high-severity connections

  • Medium: IP address/domain/URL is unknown to reputation service

  • Low: Reputation service indicates previous compromise or spam involvement

C&C Server Location

The region and country where the C&C server is located

First Monitored

The date and time the callback address was first detected by Trend Micro

Last Activity

The date and time the callback address was last contacted by a compromised host

Malware Families

The malware names associated with the callback address


The name of the managed product or service

Example: Apex One, ScanMail for Microsoft Exchange

Product Entity

The display name of the managed product server in Apex Central