Security Analysis and Research
Focused on the analysis and research of malware worldwide
Preface
Evasion (anti-detection) research is a complex subject and a priority for advanced hacker groups; evasive malware is their most important attack weapon. Ordinary evasion that holds up for one or two weeks is already doing well; more advanced evasion can hold for six months to a year or longer, and the most advanced can persist for years, even more than a decade, without being discovered. Supply-chain-based evasion is the hardest kind to detect. Evasion and counter-evasion is one of the core disciplines of security confrontation: an attacker has to hide deeply at both the sample level and the network-traffic level to escape detection and tracking by security vendors worldwide for any length of time.
Today I would like to share a collection of C2 frameworks that abuse legitimate services to evade detection. The C2 channels used by these frameworks turn up frequently in malware and APT attacks; they are listed here for reference and study.
C2 framework collection
Collection address: https://lolc2.github.io/
Open-source project address: https://github.com/lolc2/lolc2.github.io
The legitimate services used are shown below:
The related C2 projects for each service, together with the request patterns that can be used to detect them, are shown below:
Telegram
C2 Projects:
https://github.com/3ct0s/disctopia-c2
https://github.com/timebotdon/telegram-c2agent
https://github.com/SpenserCai/DRat
https://github.com/kensh1ro/NativeTeleBackdoor
https://github.com/Lemonada/teleBrat
https://github.com/woj-ciech/Social-media-c2
https://github.com/machine1337/TelegramRAT
https://github.com/1N73LL1G3NC3x/Nightmangle
https://github.com/itaymigdal/Poshito
Detection:
https://api.telegram.org/bot*
Twitter
C2 Projects:
https://github.com/slaeryan/LARRYCHATTER
https://github.com/PaulSec/twittor
https://github.com/woj-ciech/Social-media-c2
Detection:
https://api.twitter.com/1*
https://api.twitter.com/2*
https://upload.twitter.com/
https://api.twitter.com/oauth*
Gmail
C2 Projects:
https://github.com/byt3bl33d3r/gcat
https://github.com/machine1337/gmailc2
https://github.com/reveng007/SharpGmailC2
https://github.com/rschwass/PSGSHELL
https://github.com/shanefarris/GmailBackdoor
Detection:
https://www.googleapis.com/gmail/*
https://www.googleapis.com/auth/*
Slack
C2 Projects:
https://github.com/Coalfire-Research/Slackor
https://github.com/bkup/SlackShell
https://github.com/praetorian-inc/slack-c2bot
https://github.com/j3ssie/c2s
https://github.com/herwonowr/slackhell
https://github.com/Yihsiwei/slack-c2-golang
Detection:
https://slack.com/api/*
Discord
C2 Projects:
https://github.com/MythicC2Profiles/discord
https://github.com/3ct0s/disctopia-c2
https://github.com/emmaunel/DiscordGo
https://github.com/crawl3r/DaaC2
https://github.com/th3r4ven/Bifrost
https://github.com/kensh1ro/Willie-C2
https://github.com/codeuk/discord-rat
https://github.com/Vczz0/Cerberos-C2
https://github.com/3NailsInfoSec/DCVC2
https://github.com/hoaan1995/ZER0BOT
https://github.com/Jeff53978/Python-Trojan
Detection:
https://discord.com/api/*
Google Sheets
C2 Projects:
https://github.com/looCiprian/GC2-sheet
https://github.com/a-rey/google_RAT
Detection:
https://sheets.googleapis.com/*
https://www.googleapis.com/drive/*
Google Drive
C2 Projects:
https://github.com/lukebaggett/google_socks
https://github.com/DannyPenten/Rust-DriveC2
Detection:
https://www.googleapis.com/drive/*
POST - https://www.googleapis.com/upload/drive/v3/files?*
GET - https://www.googleapis.com/drive/v3/files/*
https://www.googleapis.com/auth/drive
Google Calendar
C2 Projects:
https://github.com/MrSaighnal/GCR-Google-Calendar-RAT
Detection:
https://www.googleapis.com/auth/calendar*
GitHub
C2 Projects:
https://github.com/3ct0s/disctopia-c2
https://github.com/TheD1rkMtr/GithubC2
Detection:
https://api.github.com/*
YouTube
C2 Projects:
https://github.com/latortuga71/YoutubeAsAC2
https://github.com/woj-ciech/Social-media-c2
https://github.com/ricardojoserf/SharpCovertTube
Detection:
https://www.googleapis.com/youtube/*
Pastebin
C2 Projects:
https://github.com/3ndG4me/AgentSmith
https://github.com/PeterEdtu/Pastebad-Reverse-Shell
Detection:
Requests to https://pastebin.com/api/api_post.php, https://pastebin.com/api/*
Reddit
C2 Projects:
https://github.com/kleiton0x00/RedditC2
https://github.com/thrasr/reddit-c2
Detection:
https://www.reddit.com/api/*
Dropbox
C2 Projects:
https://github.com/Arno0x/DBC2
Detection:
Requests to https://api.dropboxapi.com/*
Instagram
C2 Projects:
https://github.com/woj-ciech/Social-media-c2
Detection:
https://api.instagram.com/oauth/*
https://graph.instagram.com/*
Zoom
C2 Projects:
https://github.com/0xEr3bus/ShadowForgeC2
Detection:
Requests to https://api.zoom.us/v2/chat/users/me/*
VirusTotal
C2 Projects:
https://github.com/RATandC2/VirusTotalC2
https://github.com/D1rkMtr/VirusTotalC2
https://github.com/g0h4n/REC2
https://github.com/samuelriesz/SharpHungarian
Detection:
https://www.virustotal.com/api/v3/*/comments
https://www.virustotal.com/api/v2/*/comments
Zulip
C2 Projects:
https://github.com/n1k7l4i/goZulipC2
Detection:
Requests to https://*.zulipchat.com/api/v1/messages*
Requests to https://*.zulipchat.com/api/v1/user_uploads*
Requests to https://*.zulipchat.com/api/v1/users/me/subscriptions*
Requests to https://*.zulipchat.com/api/v1/get_stream_id?stream=*
Notion
C2 Projects:
https://github.com/mttaggart/OffensiveNotion
Detection:
https://api.notion.com*
Matrix
C2 Projects:
https://github.com/n1k7l4i/goMatrixC2/
Detection:
POST - https://matrix.org/_matrix/client/r0/rooms/*/send/m.room.message
GET - https://matrix.org/_matrix/client/r0/rooms/*/messages
OpenAI
C2 Projects:
https://github.com/spartan-conseil/ratchatpt
Detection:
POST & GET - https://api.openai.com/v1/files*
POST - https://api.openai.com/v1/files/*
GET - https://api.openai.com/v1/files/*/content*
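As an added example (not code from this page or from the LOLC2 project), the following Python script turns a handful of the "Detection:" lines above, written in the same notation the list uses (optional "METHOD - " or "METHOD & METHOD - " prefix, optional "Requests to " prefix, "*" as wildcard), into method-aware URL rules and runs them over constructed proxy-log lines. The log format (timestamp, source IP, method, URL, status) and the sample entries are assumptions.

```python
import re
from dataclasses import dataclass

# A subset of the detection lines from the LOLC2 list above, verbatim.
PATTERNS = [
    "https://api.telegram.org/bot*",
    "https://discord.com/api/*",
    "POST - https://www.googleapis.com/upload/drive/v3/files?*",
    "Requests to https://*.zulipchat.com/api/v1/messages*",
    "POST & GET - https://api.openai.com/v1/files*",
]

# Constructed proxy log (assumed format: time src_ip method url status).
SAMPLE_LOG = """\
2024-01-01T10:00:00Z 10.0.0.5 POST https://api.telegram.org/bot<TOKEN>/getUpdates 200
2024-01-01T10:00:01Z 10.0.0.5 GET https://www.googleapis.com/upload/drive/v3/files?uploadType=media 200
2024-01-01T10:00:02Z 10.0.0.7 POST https://www.googleapis.com/upload/drive/v3/files?uploadType=media 200
2024-01-01T10:00:03Z 10.0.0.8 POST https://example-corp.zulipchat.com/api/v1/messages 200
2024-01-01T10:00:04Z 10.0.0.9 GET https://www.example.com/ 200
"""

# Group 1: optional method list ("POST", "POST & GET"); group 2: the URL pattern.
# Lines that list several URLs separated by commas must be split before compiling.
LINE_RE = re.compile(r"^(?:([A-Z][A-Z& ]*?) - )?(?:Requests to )?(\S+)$")

@dataclass
class Rule:
    methods: frozenset   # empty set means any HTTP method
    regex: re.Pattern
    source: str          # the original detection line, for the alert text

def compile_rule(line: str) -> Rule:
    """Turn one LOLC2 detection line into a method filter plus an anchored URL regex."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised detection line: {line!r}")
    methods = frozenset(x.strip() for x in (m.group(1) or "").split("&") if x.strip())
    # Escape the URL first, then turn the literal '*' wildcards into '.*'.
    # Anchoring at the start keeps "bot*" from matching any URL that merely contains it.
    pattern = "^" + re.escape(m.group(2)).replace(r"\*", ".*")
    return Rule(methods, re.compile(pattern), line)

def scan(log_text: str, rules: list) -> list:
    """Return (log_line, detection_line) pairs; the method filter runs before the URL regex."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        method, url = fields[2], fields[3]
        for rule in rules:
            if rule.methods and method not in rule.methods:
                continue
            if rule.regex.search(url):
                hits.append((line, rule.source))
                break  # one alert per log line is enough
    return hits

if __name__ == "__main__":
    for log_line, why in scan(SAMPLE_LOG, [compile_rule(p) for p in PATTERNS]):
        print(f"ALERT [{why}] {log_line}")
```

The GET to the Drive upload endpoint is deliberately left unflagged, because the list marks that pattern as POST-only; tighten or loosen the method filter to taste before deploying against real proxy logs.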
Closing remarks
If you are interested in malware analysis, you are welcome to join my Global Security Analysis and Research professional group, where we analyse and research the malware families circulating worldwide together.
Security Analysis and Research focuses on analysing and researching malware worldwide and closely tracks the attack activity of hacker groups around the globe. Follow us for the latest threat intelligence on hacker-group attack events worldwide.
Wang Zheng
Pen name: Panda Zhengzheng (熊猫正正)
Malware researcher
Long focused on analysing and researching malware worldwide and closely tracking the attack activity of hacker groups around the globe; skilled in a wide range of malware reverse-engineering techniques, with extensive hands-on sample-analysis experience and in-depth analysis and research of ransomware, cryptominers, info-stealers, remote-access trojans, banking trojans, botnets and advanced APT samples.
Originally published on the WeChat public account Security Analysis and Research (安全分析与研究): A collection of C2 frameworks that abuse legitimate services to evade detection