- Beacon interval – is the malware beaconing every minute, hour, day, or week?
- Observed beaconing frequency – within the interval, how many beacons are broadcast?
- Persistence – what percentage of the time does the beacon fail to transmit, or intentionally skip a transmission to be less predictable?
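The three parameters above can be measured directly from connection timestamps for one host and destination pair. The following is an added example, not code from the original post: the function names, thresholds and sample timestamps are assumptions constructed for illustration, and the "missed" percentage is one way of reading the persistence question.

```python
from collections import Counter
from statistics import median

def beacon_profile(timestamps, interval_s):
    """Profile connections from one host to one destination.

    timestamps: epoch seconds of each outbound connection.
    interval_s: candidate beacon interval (60 = minute, 3600 = hour, ...).
    """
    ts = sorted(timestamps)
    if not ts:
        return None
    start = ts[0]
    # Count connections in each interval-sized bucket since the first one seen.
    per_bucket = Counter(int((t - start) // interval_s) for t in ts)
    total = int((ts[-1] - start) // interval_s) + 1
    counts = list(per_bucket.values())
    return {
        "interval_s": interval_s,
        "beacons_per_interval": median(counts),
        "count_spread": max(counts) - min(counts),
        # Share of intervals with no transmission at all.
        "missed_pct": round(100 * (total - len(counts)) / total, 1),
    }

def is_beacon_candidate(profile, max_missed_pct=30.0, max_spread=1):
    # Thresholds are illustrative assumptions; tune them against baseline traffic.
    return (profile["missed_pct"] <= max_missed_pct
            and profile["count_spread"] <= max_spread)

# Constructed sample: two connections per hour for 10 hours, hours 3 and 7 skipped.
HOURLY_BEACON = [h * 3600 + (h * 37) % 120 + off
                 for h in range(10) if h not in (3, 7) for off in (0, 5)]
# Constructed sample: bursty, user-driven traffic to the same destination.
BURSTY = ([i * 10 for i in range(30)] + [5 * 3600 + 40]
          + [9 * 3600 + i * 20 for i in range(12)])

if __name__ == "__main__":
    for name, sample in (("hourly beacon", HOURLY_BEACON), ("bursty", BURSTY)):
        p = beacon_profile(sample, 3600)
        print(name, p, "candidate:", is_beacon_candidate(p))
```

A steady per-interval count with a low missed percentage is what separates the constructed beacon from the bursty sample, even though the bursty sample contains far more connections.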
Read the next post in this series: Distant Admin.
Visit the Series Intro to see a complete list of the analytics covered.