DETECTION OVERVIEW

Havoc C&C Beaconing

Risk Factors

The Havoc framework is publicly available and has been associated with known attack campaigns. Command-and-control (C&C) beaconing traffic generated by a Havoc demon agent indicates that an attacker can remotely control a device and gain an entry point for further attacks on the network.

Kill Chain

Command-and-Control

Risk Score

88

Attack Background

Havoc is a post-compromise C&C framework. A Havoc demon agent is installed on the victim device after a user downloads a malicious executable payload. The demon agent initiates beaconing activity by sending an HTTP POST request to the Havoc teamserver. Beaconing refers to short messages periodically sent from a compromised device to a C&C server requesting additional instructions from an attacker.
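The beaconing pattern described above (periodic POSTs from one client to one server) can be surfaced from ordinary HTTP logs by measuring how regular the request spacing is. The script below is an added example, not code from this page or from the Havoc project; the log lines, client addresses, hostnames and thresholds are all constructed or assumed.

```python
# Added example (not from the detection page or the Havoc project): flag
# client->host pairs whose POST inter-arrival times are nearly constant.
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample lines: "<ISO timestamp> <client> <method> <host>"
SAMPLE_LOG = """\
2024-05-01T10:00:00 10.0.0.5 POST cdn.example-test.net
2024-05-01T10:00:31 10.0.0.5 POST cdn.example-test.net
2024-05-01T10:01:00 10.0.0.5 POST cdn.example-test.net
2024-05-01T10:01:29 10.0.0.5 POST cdn.example-test.net
2024-05-01T10:02:01 10.0.0.5 POST cdn.example-test.net
2024-05-01T10:02:30 10.0.0.5 POST cdn.example-test.net
2024-05-01T10:00:05 10.0.0.7 POST mail.example-test.net
2024-05-01T10:04:10 10.0.0.7 POST mail.example-test.net
2024-05-01T10:04:12 10.0.0.7 POST mail.example-test.net
2024-05-01T10:19:40 10.0.0.7 POST mail.example-test.net
2024-05-01T10:21:00 10.0.0.7 POST mail.example-test.net
2024-05-01T10:21:03 10.0.0.7 POST mail.example-test.net
"""

def parse_log(text):
    """Group POST timestamps by (client, host); other methods are ignored."""
    posts = defaultdict(list)
    for line in text.splitlines():
        ts, client, method, host = line.split()
        if method == "POST":
            posts[(client, host)].append(datetime.fromisoformat(ts))
    return posts

def beacon_candidates(posts, min_requests=5, max_cv=0.1):
    """Return (client, host, mean_gap_s, cv) for pairs whose POST
    inter-arrival times are regular: coefficient of variation
    (stdev / mean) at or below max_cv over at least min_requests POSTs.
    Thresholds are assumed starting points, not tuned values."""
    found = []
    for (client, host), times in posts.items():
        if len(times) < min_requests:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        m = mean(gaps)
        if m <= 0:  # only duplicate timestamps; nothing to measure
            continue
        cv = pstdev(gaps) / m
        if cv <= max_cv:
            found.append((client, host, round(m, 1), round(cv, 3)))
    return found
```

Real agents often add deliberate jitter, so `max_cv` has to be tuned against baseline traffic for the environment; a user browsing a mail site (the second client above) produces gaps far too irregular to trigger.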

Mitigation Options

Quarantine the device while checking for malware

MITRE ATT&CK ID
