by kachapopopow 162 days ago
That's why you have large lists, fallbacks and rolling updates to said fallbacks. It isolates you as the C2 owner from the C2 malware. Once you have that you can just query from any kind of server and publish it anywhere else; you can have it act as an indirect proxy, not the primary contact point. It's a globally available database for a low, low cost of transaction fees.

But explorers are the easiest, since there are so many of them, and so many of them that do not give two shits about blacklisting addresses.


And what do you gain from all this extra complexity designed to compensate for fundamentally unreliable C&C channels?

You could've just used a DHT, or even bundled Tor.

Because a C2 mechanism isn't that useful when you can't even send the packets out to the internet to use it, when T1s get off their ass and actually do something useful.
> Because a C2 mechanism isn't that useful when you can't even send the packets out to the internet to use it, when T1s get off their ass and actually do something useful.

There are lots of ways to disguise P2P traffic to make it indistinguishable from common, legitimate software.