Recorded Future released its 2020 Adversary Infrastructure Report. Researchers identified more than 10,000 unique command and control (C2) servers. Nearly all were linked to advanced persistent threat (APT) groups or high-end financial actors Researchers anticipate increased adoption of open-source tools because they re easy to use and accessible to criminals without deep technical expertise. Cobalt Strike was used with 1,441 observed C2 servers, followed by Metasploit and PupyRAT.
Source: https://threatpost.com/malicious-software-infrastructure-easier-deploy/162913/