Shodan is the best service for searching C2 IPs, so today I am going to share the mind map I created to record Shodan queries on a single page.
We can use search queries in Shodan to get C2 infrastructure details and track active threat actors. This helps CTI analysts get C2 data quickly and push it to controls proactively.
The most advanced threat actors might be using advanced evasion techniques to stay undetected in these kinds of searches, but these searches will still give a good amount of C2 information.
I am not going to explain each C2 that I mentioned; maybe I can write about this in my next article.
You can find the mind map at the link below.
The Shodan search queries are listed in the link; you can simply copy and paste a search query into Shodan to get the information.
Thanks for reading.