@albertzsigovits
Created October 11, 2023 18:55
C2 stats
- Examined 138 malware family pcaps overall that include some form of C2 communication
- 13/138 malware families only send HTTP Request Headers in their initial C2 comm, no Request Body
- 125/138 malware families send some data in their HTTP Request Body
- In the github project (https://github.com/silence-is-best/c2db), we only maintain HTTP Request captures, but had captures for 8 Responses
  - (which is too small a subset to draw any real conclusion regarding the Response sizes; anyway, did some stats on that too)
Content-Lengths:
Minimum HTTP Request Body: 3 bytes
Maximum HTTP Request Body with exfil: 1.2 MB
Maximum HTTP Request Body with no exfil: 214 KB
Average HTTP Request Body with exfil: 43 KB
Average HTTP Request Body with no exfil: 9 KB
Biggest HTTP Response Body: 605 KB
Average HTTP Response Body: 71 KB
Minimum HTTP Response Body: 41 bytes
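The numbers above come from measuring request-body sizes across a capture set. As an added example (not code from the gist or from the c2db project), the script below recomputes that kind of breakdown from raw HTTP request captures: it reads each request's Content-Length (falling back to the byte count after the header terminator), counts headers-only requests, and splits min/max/average body sizes by an exfil flag. The capture set and family names are constructed here for illustration and are not c2db entries.

```python
# Added example (not from the gist): recomputes request-body statistics of the
# kind listed above from raw HTTP request captures. The captures below are
# constructed for illustration, not taken from c2db.
from statistics import mean

def request_body_length(raw: bytes) -> int:
    """Return the request body length for one raw HTTP request capture.

    Prefers the Content-Length header; falls back to the number of bytes
    after the header terminator when the header is absent.
    """
    head, sep, body = raw.partition(b"\r\n\r\n")
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length":
            return int(value.strip())
    return len(body) if sep else 0

def body_stats(captures):
    """captures: list of (family, raw_request, exfil: bool).

    Returns counts and min/max/average body sizes, split by whether the
    request carries exfiltrated data, mirroring the breakdown in the gist.
    """
    sizes = [(fam, request_body_length(raw), exfil) for fam, raw, exfil in captures]
    with_body = [s for s in sizes if s[1] > 0]    # headers-only requests excluded
    exfil = [n for _, n, e in with_body if e]
    no_exfil = [n for _, n, e in with_body if not e]
    return {
        "families": len(sizes),
        "headers_only": len(sizes) - len(with_body),
        "min_body": min(n for _, n, _ in with_body) if with_body else 0,
        "max_exfil": max(exfil, default=0),
        "max_no_exfil": max(no_exfil, default=0),
        "avg_exfil": round(mean(exfil)) if exfil else 0,
        "avg_no_exfil": round(mean(no_exfil)) if no_exfil else 0,
    }

# Constructed sample captures (hypothetical family names, not real c2db entries).
SAMPLE_CAPTURES = [
    ("famA", b"GET /gate.php HTTP/1.1\r\nHost: example.invalid\r\n\r\n", False),
    ("famB", b"POST /in HTTP/1.1\r\nHost: example.invalid\r\nContent-Length: 3\r\n\r\nabc", False),
    ("famC", b"POST /up HTTP/1.1\r\nHost: example.invalid\r\nContent-Length: 4096\r\n\r\n" + b"A" * 4096, True),
    ("famD", b"POST /p HTTP/1.1\r\nHost: example.invalid\r\n\r\n" + b"B" * 121, False),
]

if __name__ == "__main__":
    print(body_stats(SAMPLE_CAPTURES))
```

Feeding the real c2db request captures through body_stats (with an exfil label per family) reproduces the headers-only count and the with/without-exfil size figures listed above.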