Detailed C&C Callback Information

Provides specific information about detected C&C callback events from the network.

Table 1. Detailed C&C Callback Information Data View




The date and time Apex Central received the data from the managed product


Displays the time that the managed product generates data.

Compromised Host

IP address, host name, or email address that attempted a callback

Callback Address

The object from/to which a compromised host attempted a callback

C&C List Source

The source of the list containing C&C addresses

  • Global Intelligence (Trend Micro Global Intelligence network, including Smart Protection Network)

  • Analyzers (Virtual Analyzer and Network Content Inspection Engine) in managed products

  • User-defined C&C list configured in Apex Central and in the managed product, such as Deep Discovery Inspector

Network Groups

Monitored network groups as defined by the administrators of managed products, such as Deep Discovery Inspector

C&C Risk Level

  • High: Known malicious or involved in high-severity connections

  • Medium: IP address/domain/URL is unknown to reputation service

  • Low: Reputation service indicates previous compromise or spam involvement

C&C Server Location

Region and country where the C&C server is located

First Monitored

Date and time the callback address was first detected by Trend Micro

Last Activity

Date and time the callback address was last contacted by a compromised host

Malware Families

Malware names associated with the callback address


Displays the name of the managed product. Example: Apex One, ScanMail for Microsoft Exchange

Product Entity

Displays the entity display name for a managed product. Apex Central identifies managed products using the managed product's entity display name.