ExtraHop named a Leader in the 2025 Forrester Wave™: Network Analysis And Visibility Solutions

ExtraHop Logo
Search
Try ExtraHop
Menu iconX icon
  • Platformchevron right
  • Solutionschevron right
  • Modern NDRchevron right
  • Resourceschevron right
  • Companychevron right
User iconSign In
Contact Us

DETECTION OVERVIEW

Suspicious TLS Certificates

Risk Factors

Botnet C&C servers associated with malware often have TLS certificates with known hashes. C&C server connections can be established through exploits that are available to the public and can be included in malware. If a C&C connection from a compromised device is established, the attacker might be able to maintain a persistent presence or launch additional attacks on your network.

Kill Chain

Command-and-Control
Detection diagram
Next in Command-and-Control: Unconventional Outbound Connection

Attack Background

Mitigation Options

Block inbound and outbound traffic from suspicious hosts at the network perimeter

Implement network segmentation and the principle of least privilege on accounts to minimize the damage caused by a compromised device

MITRE ATT&CK ID

What else can RevealX do for you?

View our Periodic Table of use casesArrow pointing right