Malware and similar malicious software must often use the network in executing a cyberattack, which may include communicating with Command and Control (C2) servers, downloading malicious payloads, uploading stolen data or spreading through the network. Oftentimes, these actions are designed to appear innocuous, but can still be identified as suspicious through indicators such as domain names, IP addresses, file names or unique ports. Enterprises can use these indicators to search their networks for malicious activity.