A Collection of C2 Frameworks That Abuse Legitimate Services to Evade Detection

Posted by admin, 28 January 2025, 02:36:12

Security Analysis and Research

Focused on the analysis and research of malware worldwide

Introduction

Research into detection-evasion (免杀) techniques is a complex subject and a research focus of advanced hacking groups; evasive malware is their most important attack weapon. Ordinary evasion that survives one to two weeks is already considered good, more advanced evasion can last half a year or more than a year, and the best can persist for several years, even more than ten, without being discovered. Supply-chain-based evasion is the hardest kind to detect. Evasion and counter-detection is one of the core disciplines of the security contest: an attacker must achieve deep concealment at both the sample level and the network-traffic level in order to evade detection and tracking by security vendors worldwide for a longer period.

Today the author shares a collection of C2 frameworks that use legitimate services to evade detection. The C2 channels in these frameworks are frequently encountered in malware attacks and APT attacks, and the list is offered for readers' reference and study.

The C2 Framework Collection

Collection site: https://lolc2.github.io/

Open-source project: https://github.com/lolc2/lolc2.github.io

The legitimate services that are abused are shown in the figure below (image not reproduced here):

[Figure: overview of the legitimate services abused for C2]

For each service, the C2 projects and the detection indicators (URL patterns contacted by the implant) are as follows:

Telegram

C2 Projects:

https://github.com/3ct0s/disctopia-c2

https://github.com/timebotdon/telegram-c2agent

https://github.com/SpenserCai/DRat

https://github.com/kensh1ro/NativeTeleBackdoor

https://github.com/Lemonada/teleBrat

https://github.com/woj-ciech/Social-media-c2

https://github.com/machine1337/TelegramRAT

https://github.com/1N73LL1G3NC3x/Nightmangle

https://github.com/itaymigdal/Poshito

Detection:

https://api.telegram.org/bot*

Twitter

C2 Projects:

https://github.com/slaeryan/LARRYCHATTER

https://github.com/PaulSec/twittor

https://github.com/woj-ciech/Social-media-c2

Detection:

https://api.twitter.com/1*

https://api.twitter.com/2*

https://upload.twitter.com/

https://api.twitter.com/oauth*

Gmail

C2 Projects:

https://github.com/byt3bl33d3r/gcat

https://github.com/machine1337/gmailc2

https://github.com/reveng007/SharpGmailC2

https://github.com/rschwass/PSGSHELL

https://github.com/shanefarris/GmailBackdoor

Detection:

https://www.googleapis.com/gmail/*

https://www.googleapis.com/auth/*

Slack

C2 Projects:

https://github.com/Coalfire-Research/Slackor

https://github.com/bkup/SlackShell

https://github.com/praetorian-inc/slack-c2bot

https://github.com/j3ssie/c2s

https://github.com/herwonowr/slackhell

https://github.com/Yihsiwei/slack-c2-golang

Detection:

https://slack.com/api/*

Discord

C2 Projects:

https://github.com/MythicC2Profiles/discord

https://github.com/3ct0s/disctopia-c2

https://github.com/emmaunel/DiscordGo

https://github.com/crawl3r/DaaC2

https://github.com/th3r4ven/Bifrost

https://github.com/kensh1ro/Willie-C2

https://github.com/codeuk/discord-rat

https://github.com/Vczz0/Cerberos-C2

https://github.com/3NailsInfoSec/DCVC2

https://github.com/hoaan1995/ZER0BOT

https://github.com/Jeff53978/Python-Trojan

Detection:

https://discord.com/api/*

Google Sheets

C2 Projects:

https://github.com/looCiprian/GC2-sheet

https://github.com/a-rey/google_RAT

Detection:

https://sheets.googleapis.com/*

https://www.googleapis.com/drive/*

Google Drive

C2 Projects:

https://github.com/lukebaggett/google_socks

https://github.com/DannyPenten/Rust-DriveC2

Detection:

https://www.googleapis.com/drive/*

POST - https://www.googleapis.com/upload/drive/v3/files?*

GET - https://www.googleapis.com/drive/v3/files/*

https://www.googleapis.com/auth/drive

Google Calendar

C2 Projects:

https://github.com/MrSaighnal/GCR-Google-Calendar-RAT

Detection:

https://www.googleapis.com/auth/calendar*

GitHub

C2 Projects:

https://github.com/3ct0s/disctopia-c2

https://github.com/TheD1rkMtr/GithubC2

Detection:

https://api.github.com/*

YouTube

C2 Projects:

https://github.com/latortuga71/YoutubeAsAC2

https://github.com/woj-ciech/Social-media-c2

https://github.com/ricardojoserf/SharpCovertTube

Detection:

https://www.googleapis.com/youtube/*

Pastebin

C2 Projects:

https://github.com/3ndG4me/AgentSmith

https://github.com/PeterEdtu/Pastebad-Reverse-Shell

Detection:

Requests to https://pastebin.com/api/api_post.php, https://pastebin.com/api/*

Reddit

C2 Projects:

https://github.com/kleiton0x00/RedditC2

https://github.com/thrasr/reddit-c2

Detection:

https://www.reddit.com/api/*

Dropbox

C2 Projects:

https://github.com/Arno0x/DBC2

Detection:

Requests to https://api.dropboxapi.com/*

Instagram

C2 Projects:

https://github.com/woj-ciech/Social-media-c2

Detection:

https://api.instagram.com/oauth/*

https://graph.instagram.com/*

Zoom

C2 Projects:

https://github.com/0xEr3bus/ShadowForgeC2

Detection:

Requests to https://api.zoom.us/v2/chat/users/me/*

VirusTotal

C2 Projects:

https://github.com/RATandC2/VirusTotalC2

https://github.com/D1rkMtr/VirusTotalC2

https://github.com/g0h4n/REC2

https://github.com/samuelriesz/SharpHungarian

Detection:

https://www.virustotal.com/api/v3/*/comments

https://www.virustotal.com/api/v2/*/comments

Zulip

C2 Projects:

https://github.com/n1k7l4i/goZulipC2

Detection:

Requests to https://*.zulipchat.com/api/v1/messages*

Requests to https://*.zulipchat.com/api/v1/user_uploads*

Requests to https://*.zulipchat.com/api/v1/users/me/subscriptions*

Requests to https://*.zulipchat.com/api/v1/get_stream_id?stream=*

Notion

C2 Projects:

https://github.com/mttaggart/OffensiveNotion

Detection:

https://api.notion.com*

Matrix

C2 Projects:

https://github.com/n1k7l4i/goMatrixC2/

Detection:

POST - https://matrix.org/_matrix/client/r0/rooms/*/send/m.room.message

GET - https://matrix.org/_matrix/client/r0/rooms/*/messages

OpenAI

C2 Projects:

https://github.com/spartan-conseil/ratchatpt

Detection:

POST & GET - https://api.openai.com/v1/files*

POST - https://api.openai.com/v1/files/*

GET - https://api.openai.com/v1/files/*/content*
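As an added example (not part of the original post or of the LOLC2 project), the Python script below parses detection entries in exactly the forms the list above uses (bare URL with `*` wildcards, `METHOD - url`, `POST & GET - url`, and `Requests to url1, url2`), compiles them to regular expressions, and runs them over a constructed proxy log. The log format (`timestamp src_ip METHOD url status`), the IP addresses and the placeholder bot token are assumptions.

```python
import re

# Detection entries copied verbatim from the LOLC2 list above (a subset).
DETECTIONS = {
    "Telegram": ["https://api.telegram.org/bot*"],
    "Google Drive": [
        "POST - https://www.googleapis.com/upload/drive/v3/files?*",
        "GET - https://www.googleapis.com/drive/v3/files/*",
    ],
    "Zulip": ["Requests to https://*.zulipchat.com/api/v1/messages*"],
    "OpenAI": ["POST & GET - https://api.openai.com/v1/files*"],
}

# Optional "Requests to" prefix, optional "METHOD [& METHOD] - " prefix, then URL pattern(s).
ENTRY_RE = re.compile(r"^(?:Requests to\s+)?(?:([A-Z]+(?:\s*&\s*[A-Z]+)*)\s*-\s*)?(.+)$")

def parse_entry(entry):
    """Turn one LOLC2 detection line into (methods, [compiled regex]);
    methods is None when the entry applies to every HTTP method."""
    method_txt, urls = ENTRY_RE.match(entry.strip()).groups()
    methods = None if method_txt is None else {m.strip() for m in method_txt.split("&")}
    patterns = []
    for url in urls.split(","):
        # '*' is the only wildcard in the list; everything else is matched literally.
        regex = "^" + ".*".join(re.escape(part) for part in url.strip().split("*")) + "$"
        patterns.append(re.compile(regex))
    return methods, patterns

def match_log(lines, detections=DETECTIONS):
    """Return [(service, url)] for proxy log lines of the constructed form
    'timestamp src_ip METHOD url status' that hit a detection entry."""
    compiled = {svc: [parse_entry(e) for e in ents] for svc, ents in detections.items()}
    hits = []
    for line in lines:
        _, _, method, url, _ = line.split()
        for svc, rules in compiled.items():
            if any((ms is None or method in ms) and any(p.match(url) for p in pats)
                   for ms, pats in rules):
                hits.append((svc, url))
    return hits

# Constructed sample proxy log, not real traffic; line 3 uses GET on a POST-only endpoint.
SAMPLE_LOG = [
    "2025-01-28T02:36:12Z 10.0.0.5 POST https://api.telegram.org/bot000000:PLACEHOLDER/sendMessage 200",
    "2025-01-28T02:36:13Z 10.0.0.5 GET https://www.googleapis.com/drive/v3/files/abc123?alt=media 200",
    "2025-01-28T02:36:14Z 10.0.0.7 GET https://www.googleapis.com/upload/drive/v3/files?uploadType=media 405",
    "2025-01-28T02:36:15Z 10.0.0.9 POST https://example.zulipchat.com/api/v1/messages 200",
    "2025-01-28T02:36:16Z 10.0.0.9 GET https://www.google.com/ 200",
]
```

A hit only shows that a host contacted an endpoint that legitimate software also uses, so each result is a triage lead to correlate with the originating process and the host's normal baseline rather than a verdict.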

Summary

Readers interested in malware analysis are welcome to join the author's Global Security Analysis and Research professional group to analyze and study globally prevalent malware families together.


Security Analysis and Research focuses on the analysis and research of malware worldwide and tracks the attack activity of hacker groups around the globe in depth. Follow the account for the latest threat intelligence on global hacker-group attacks.


Wang Zheng (王正)

Pen name: Xiongmao Zhengzheng (熊猫正正)

Malware researcher

Has long focused on the analysis and research of global malware and on in-depth tracking of the attack activity of hacker groups worldwide; skilled in a wide range of malware reverse-engineering techniques, with extensive hands-on sample-analysis experience and in-depth analysis and research of ransomware, cryptominers, infostealers, remote-access trojans, banking trojans, botnets and high-end APT samples.

Originally published on the WeChat public account Security Analysis and Research (安全分析与研究): A Collection of C2 Frameworks That Abuse Legitimate Services to Evade Detection

Disclaimer: the programs (methods) mentioned in this article may be offensive in nature and are provided solely for security research and teaching. Readers who use this information for any other purpose bear full legal and joint liability; this site assumes no legal or joint liability. For questions, contact us by e-mail (a corporate or otherwise valid mailbox is recommended so that the message is not filtered; contact details are on the home page).