Also published on https://mthcht.medium.com/c2-hiding-in-plain-sight-7a83963b9344

Understanding your environment, and which of these applications are actually used and allowed in it, will enhance the effectiveness of your hunt here.
- Telegram
  - C2 projects:
    - https://github.com/3ct0s/disctopia-c2
    - https://github.com/timebotdon/telegram-c2agent
    - https://github.com/SpenserCai/DRat
    - https://github.com/kensh1ro/NativeTeleBackdoor
    - https://github.com/Lemonada/teleBrat
    - https://github.com/woj-ciech/Social-media-c2
    - https://github.com/machine1337/TelegramRAT
    - https://github.com/1N73LL1G3NC3x/Nightmangle
  - API detection:
    - Requests to https://api.telegram.org/bot*
- Twitter
  - C2 projects:
  - API detection:
    - Requests to https://api.twitter.com/1*, https://api.twitter.com/2*, https://upload.twitter.com/, https://api.twitter.com/oauth*
- Gmail
  - C2 projects:
  - API detection:
    - Requests to https://www.googleapis.com/gmail/*, https://www.googleapis.com/auth/*
- Slack
  - C2 projects:
  - API detection:
    - Requests to https://slack.com/api/*
- Discord
  - C2 projects:
    - https://github.com/MythicC2Profiles/discord
    - https://github.com/3ct0s/disctopia-c2
    - https://github.com/emmaunel/DiscordGo
    - https://github.com/crawl3r/DaaC2
    - https://github.com/th3r4ven/Bifrost
    - https://github.com/kensh1ro/Willie-C2
    - https://github.com/codeuk/discord-rat
    - https://github.com/Vczz0/Cerberos-C2
    - https://github.com/3NailsInfoSec/DCVC2
    - https://github.com/hoaan1995/ZER0BOT
    - https://github.com/Jeff53978/Python-Trojan
  - API detection:
    - Requests to https://discord.com/api/*
- Google Sheets / Drive
  - C2 projects:
  - API detection:
    - Requests to https://sheets.googleapis.com/*, https://www.googleapis.com/drive/*
- Google Calendar
  - C2 projects:
  - API detection:
    - Requests to https://www.googleapis.com/auth/calendar*
- GitHub
  - C2 projects:
  - API detection:
    - Requests to https://api.github.com/*
- YouTube
  - C2 projects:
  - API detection:
    - Requests to https://www.googleapis.com/youtube/*
- Pastebin
  - C2 projects:
  - API detection:
    - Requests to https://pastebin.com/api/api_post.php, https://pastebin.com/api/*
- Reddit
  - C2 projects:
  - API detection:
    - Requests to https://www.reddit.com/api/*
- Dropbox
  - C2 projects:
  - API detection:
    - Requests to https://api.dropboxapi.com/*
- Instagram
  - C2 projects:
  - API detection:
    - Requests to https://api.instagram.com/oauth/*, https://graph.instagram.com/*
- Zoom
  - C2 projects:
  - API detection:
    - Requests to https://api.zoom.us/v2/chat/users/me/*
- VirusTotal
  - C2 projects:
    - https://github.com/RATandC2/VirusTotalC2
    - https://github.com/D1rkMtr/VirusTotalC2 (the repo does not exist anymore and the GitHub username changed from D1rkMtr to TheD1rkMtr)
    - https://github.com/g0h4n/REC2
    - https://github.com/samuelriesz/SharpHungarian
  - API detection:
    - Requests to https://www.virustotal.com/api/v3/*/comments, https://www.virustotal.com/api/v2/*/comments
- Zulip
  - C2 projects:
  - API detection:
    - Requests to:
      - https://*.zulipchat.com/api/v1/messages*
      - https://*.zulipchat.com/api/v1/user_uploads*
      - https://*.zulipchat.com/api/v1/users/me/subscriptions*
      - https://*.zulipchat.com/api/v1/get_stream_id?stream=*
- Notion
  - C2 projects:
  - API detection:
    - Requests to https://api.notion.com*
- Matrix
  - C2 projects:
  - API detection:
    - POST Requests to https://matrix.org/_matrix/client/r0/rooms/*/send/m.room.message
    - GET Requests to https://matrix.org/_matrix/client/r0/rooms/*/messages
- OpenAI
  - C2 projects:
  - API detection:
    - POST & GET Requests to https://api.openai.com/v1/files*
    - POST Requests to https://api.openai.com/v1/files/*
    - GET Requests to https://api.openai.com/v1/files/*/content*
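As an added example (not part of the original post), here is how the URL patterns above can be run over a proxy or EDR export as a hunt, honouring the HTTP-method restrictions the list gives for Matrix and OpenAI and tagging hits from applications that are sanctioned in the environment. The pattern list is a subset of the page's patterns, and the log lines, the line format and the sanctioned set are constructed for illustration.

```python
import re

# URL patterns from the list above (a subset). Only '*' is a wildcard; a method
# of None means the page does not restrict the HTTP method for that pattern.
PATTERNS = [
    ("Telegram", None, "https://api.telegram.org/bot*"),
    ("Slack", None, "https://slack.com/api/*"),
    ("VirusTotal", None, "https://www.virustotal.com/api/v3/*/comments"),
    ("Zulip", None, "https://*.zulipchat.com/api/v1/get_stream_id?stream=*"),
    ("Matrix", "POST", "https://matrix.org/_matrix/client/r0/rooms/*/send/m.room.message"),
    ("Matrix", "GET", "https://matrix.org/_matrix/client/r0/rooms/*/messages"),
    ("OpenAI", "GET", "https://api.openai.com/v1/files/*/content*"),
]

def pattern_to_regex(pattern):
    # Escape each literal piece so '?' and '.' stay literal; only '*' matches anything.
    return re.compile("^" + ".*".join(re.escape(p) for p in pattern.split("*")) + "$")

COMPILED = [(svc, m, pattern_to_regex(p)) for svc, m, p in PATTERNS]

def classify(method, url, process, sanctioned):
    """Return a hit for the first pattern the request matches, else None."""
    for service, want_method, rx in COMPILED:
        if want_method and method.upper() != want_method:
            continue
        if rx.match(url):
            # 'sanctioned' lowers priority for approved apps; the process name still matters.
            return {"service": service, "process": process, "url": url,
                    "sanctioned": service in sanctioned}
    return None

def hunt(log_lines, sanctioned):
    """Constructed line format: 'METHOD URL PROCESS', as a proxy or EDR export might give."""
    hits = []
    for line in log_lines:
        method, url, process = line.split()
        hit = classify(method, url, process, sanctioned)
        if hit:
            hits.append(hit)
    return hits

# Constructed sample export: a sanctioned Slack client plus odd processes talking to bot APIs.
SAMPLE_LOG = [
    "POST https://api.telegram.org/bot123456:EXAMPLETOKEN/getUpdates powershell.exe",
    "GET https://slack.com/api/conversations.history slack.exe",
    "POST https://matrix.org/_matrix/client/r0/rooms/!room:matrix.org/messages curl.exe",
    "GET https://matrix.org/_matrix/client/r0/rooms/!room:matrix.org/messages python.exe",
    "GET https://corp.zulipchat.com/api/v1/get_stream_id?stream=general rundll32.exe",
    "GET https://www.googleapis.com/drive/v3/files chrome.exe",
]
SANCTIONED = {"Slack"}
```

The POST to the Matrix /messages endpoint is deliberately not flagged, since the page only lists GET for that path; unflagged lines such as the Drive request simply fall outside the subset used here.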