# C2 Beaconing Hunt Template

## Hunt Metadata

| Field | Value |
|-------|-------|
| Hunt ID | TH-C2-YYYY-MM-DD-NNN |
| Analyst | |
| Date | |
| Status | [ ] In Progress / [ ] Complete |

## Hypothesis

> [e.g., "Compromised endpoints are beaconing to adversary C2 infrastructure using HTTPS with regular intervals."]

## Beaconing Findings

| # | Source | Destination | Protocol | Interval | Jitter | Connections | Risk |
|---|--------|-------------|----------|----------|--------|-------------|------|
| 1 | | | | | | | |

## DNS Tunneling Findings

| # | Source | Domain | Query Count | Unique Subdomains | Avg Length | Risk |
|---|--------|--------|-------------|-------------------|-----------|------|
| 1 | | | | | | |

## IOC List

| Type | Value | Confidence | Source |
|------|-------|-----------|--------|
| Domain | | | |
| IP | | | |
| JA3 | | | |

## Recommendations

1. **Block**: [Domains/IPs to block]
2. **Isolate**: [Endpoints to contain]
3. **Detect**: [New signatures to deploy]