8. Get IOC

What is it?

Since C2 profiles can vary pretty wildly, it's not always easy to know what potential indicators of compromise exist for any given c2, especially when you consider how it's modified for a very specific agent. The thing that would know best what kinds of IOCs exist for a given agent configuration for a C2 profile would be the C2 profile itse.f

Where is it?

The dropdown actions button for any payload will have an option to generate IOCs from the corresponding built-in C2 profiles.

What does it look like?

async def get_ioc(self, inputMsg: C2GetIOCMessage) -> C2GetIOCMessageResponse:
    """Generate IOCs for the network traffic associated with the specified c2 configuration

    :param inputMsg: Payload's C2 Profile configuration
    :return: C2GetIOCMessageResponse detailing some IOCs
    response = C2GetIOCMessageResponse(Success=True)
    response.IOCs = []
    return response

Last updated