利用合法服务逃避检测的C2框架集合

免杀技术的研究是一个很复杂的专题，也是高端黑客组织研究的重点，免杀恶意软件是高端黑客组织最重要的攻击武器，普通的免杀能坚持一到两周就很不错了，高端一点的免杀可以坚持半年或一年以上，更高极的免杀可以持续几年，甚至十年以上不被发现，基于供应链的免杀技术是最难发现的一种免杀技术，免杀对抗技术是安全对抗的核心技术之一，需要攻击者在样本层面和网络流量层面都能做到深度的隐藏，才能在更长的时间里逃避全球安全厂商的检测和追踪。

今天笔者给大家分享一个利用合法服务逃避检测的C2框架集合，这些框架里的C2在一些恶意软件攻击、APT攻击中会经常遇到，供大家参考学习。

C2框架集合地址：https://lolc2.github.io/

开源项目地址：https://github.com/lolc2/lolc2.github.io

使用的合法服务，如下所示：

相关的程序C2服务，如下所示：

Telegram

C2 Projects:

https://github.com/3ct0s/disctopia-c2

https://github.com/timebotdon/telegram-c2agent

https://github.com/SpenserCai/DRat

https://github.com/kensh1ro/NativeTeleBackdoor

https://github.com/Lemonada/teleBrat

https://github.com/woj-ciech/Social-media-c2

https://github.com/machine1337/TelegramRAT

https://github.com/1N73LL1G3NC3x/Nightmangle

https://github.com/itaymigdal/Poshito

Detection:

https://api.telegram.org/bot*

Twitter

C2 Projects:

https://github.com/slaeryan/LARRYCHATTER

https://github.com/PaulSec/twittor

https://github.com/woj-ciech/Social-media-c2

Detection:

https://api.twitter.com/1*

https://api.twitter.com/2*

https://upload.twitter.com/

https://api.twitter.com/oauth*

Gmail

C2 Projects:

https://github.com/byt3bl33d3r/gcat

https://github.com/machine1337/gmailc2

https://github.com/reveng007/SharpGmailC2

https://github.com/rschwass/PSGSHELL

https://github.com/shanefarris/GmailBackdoor

Detection:

https://www.googleapis.com/gmail/*

https://www.googleapis.com/auth/*

Slack

C2 Projects:

https://github.com/Coalfire-Research/Slackor

https://github.com/bkup/SlackShell

https://github.com/praetorian-inc/slack-c2bot

https://github.com/j3ssie/c2s

https://github.com/herwonowr/slackhell

https://github.com/Yihsiwei/slack-c2-golang

Detection:

https://slack.com/api/*

Discord

C2 Projects:

https://github.com/MythicC2Profiles/discord

https://github.com/3ct0s/disctopia-c2

https://github.com/emmaunel/DiscordGo

https://github.com/crawl3r/DaaC2

https://github.com/th3r4ven/Bifrost

https://github.com/kensh1ro/Willie-C2

https://github.com/codeuk/discord-rat

https://github.com/Vczz0/Cerberos-C2

https://github.com/3NailsInfoSec/DCVC2

https://github.com/hoaan1995/ZER0BOT

https://github.com/Jeff53978/Python-Trojan

Detection:

https://discord.com/api/*

Google Sheet

C2 Projects:

https://github.com/looCiprian/GC2-sheet

https://github.com/a-rey/google_RAT

Detection:

https://sheets.googleapis.com/*

https://www.googleapis.com/drive/*

Google Drive

C2 Projects:

https://github.com/lukebaggett/google_socks

https://github.com/DannyPenten/Rust-DriveC2

Detection:

https://www.googleapis.com/drive/*

POST - https://www.googleapis.com/upload/drive/v3/files?*

GET - https://www.googleapis.com/drive/v3/files/*

https://www.googleapis.com/auth/drive

Google Calendar

C2 Projects:

https://github.com/MrSaighnal/GCR-Google-Calendar-RAT

Detection:

https://www.googleapis.com/auth/calendar*

Github

C2 Projects:

https://github.com/3ct0s/disctopia-c2

https://github.com/TheD1rkMtr/GithubC2

Detection:

https://api.github.com/*

Youtube

C2 Projects:

https://github.com/latortuga71/YoutubeAsAC2

https://github.com/woj-ciech/Social-media-c2

https://github.com/ricardojoserf/SharpCovertTube

Detection:

https://www.googleapis.com/youtube/*

Pastebin

C2 Projects:

https://github.com/3ndG4me/AgentSmith

https://github.com/PeterEdtu/Pastebad-Reverse-Shell

Detection:

Requests to https://pastebin.com/api/api_post.php, https://pastebin.com/api/*

Reddit

C2 Projects:

https://github.com/kleiton0x00/RedditC2

https://github.com/thrasr/reddit-c2

Detection:

https://www.reddit.com/api/*

dropbox

C2 Projects:

https://github.com/Arno0x/DBC2

Detection:

Requests to https://api.dropboxapi.com/*

Instagram

C2 Projects:

https://github.com/woj-ciech/Social-media-c2

Detection:

https://api.instagram.com/oauth/*

https://graph.instagram.com/*

Zoom

C2 Projects:

https://github.com/0xEr3bus/ShadowForgeC2

Detection:

Requests to https://api.zoom.us/v2/chat/users/me/*

Virustotal

C2 Projects:

https://github.com/RATandC2/VirusTotalC2

https://github.com/D1rkMtr/VirusTotalC2

https://github.com/g0h4n/REC2

https://github.com/samuelriesz/SharpHungarian

Detection:

https://www.virustotal.com/api/v3/*/comments

https://www.virustotal.com/api/v2/*/comments

Zulip

C2 Projects:

https://github.com/n1k7l4i/goZulipC2

Detection:

Requests to https://*.zulipchat.com/api/v1/messages*

Requests to https://*.zulipchat.com/api/v1/user_uploads*

Requests to https://*.zulipchat.com/api/v1/users/me/subscriptions*

Requests to https://*.zulipchat.com/api/v1/get_stream_id?stream=*

Notion

C2 Projects:

https://github.com/mttaggart/OffensiveNotion

Detection:

https://api.notion.com*

Matrix

C2 Projects:

https://github.com/n1k7l4i/goMatrixC2/

Detection:

POST - https://matrix.org/_matrix/client/r0/rooms/*/send/m.room.message

GET - https://matrix.org/_matrix/client/r0/rooms/*/messages

Openai

C2 Projects:

https://github.com/spartan-conseil/ratchatpt

Detection:

POST & GET - https://api.openai.com/v1/files*

POST - https://api.openai.com/v1/files/*

GET - https://api.openai.com/v1/files/*/content*

如果对恶意软件分析感兴趣的，可以加入笔者的全球安全分析与研究专业群，一起共同分析和研究全球流行恶意软件家族。

安全分析与研究，专注于全球恶意软件的分析与研究，深度追踪全球黑客组织攻击活动，欢迎大家关注，获取全球最新的黑客组织攻击事件威胁情报。