Glossary

C2 (Command and Control)

The infrastructure and channels that malware on a compromised host uses to receive instructions and exfiltrate data.

Command and Control (C2 or C&C) is the infrastructure an attacker uses to remotely operate compromised systems. After initial infection, malware "beacons" out to a C2 server to receive commands, download additional modules, and exfiltrate stolen data.

C2 channels are deliberately hard to spot — they hide in HTTPS, DNS, or legitimate cloud services. Known C2 endpoints are a core indicator of compromise; you'll find them in the fact sheet of most family pages, such as Emotet.