Dark Utilities C2 as a service tool leverages IPFS, targets several operating systems

A new command and control as a service allows cybercriminals to easily control victims’ computers and run cryptocurrency mining, DDoS attacks and provide full access to the systems.

Dark Utilities C2 as a service.
Image: Adobe Stock

Some highly skilled cybercriminals have decided to produce different services that they sell to lower-skilled peers. Opening the door for entry-level cybercriminals to successfully run fraudulent operations on the internet and scam people or steal money from them.

A lot of products “as a service” have appeared in the cybercriminal underground, so that nowadays almost any person wanting to jump in the cybercriminal wagon might be able to, with the sole condition of having enough initial money to buy such services.

C2 as a service

Cisco Talos published new research about a new platform dubbed “Dark Utilities” by its author. This platform was released in early 2022 and its goal is to provide full-featured command and control (C2) capabilities to cybercriminals for $10.30 (9.99 Euros), which is a very low cost. The platform has enrolled about 3,000 users, which makes approximately $30,951 (30,000 Euros) in income for the people behind the service.

Dark Utilities capabilities

Dark Utilities provides several functionalities (Figure A).

Figure A

Dark Utilities capabilities as advertised by its owners.
Dark Utilities capabilities as advertised by its owners. Image: Cisco Talos

Dark Utilities provides code which needs to be executed on a target’s system, which means the attacker needs to have already compromised the system and have access to it.  The documentation provided by the platform provides guidance for conducting reconnaissance and identifying/exploiting vulnerabilities to infect servers that can be added to Dark Utilities. Of course, it is possible for an attacker without particular skills to buy compromised systems access from the cybercrime underground and use Dark Utilities with it.

Once executed, the payload registers the service and establishes a C2 communication channel.

Two types of Distributed Denial of Service (DDoS) attacks are possible using the Dark Utilities: Layer 4, which supports TCP/UDP/ICMP network protocols, as well as some other protocols specifically designed for several gaming platforms such as Teamspeak3, Fivem, Gmod, Valve and some video games.

The Layer 7 type supports GET/POST/HEAD/PATCH/PUT/DELETE/OPTIONS/CONNECT methods (Figure B).

Figure B

DDoS interface from Dark Utilities supports two different DDoS types.
DDoS interface from Dark Utilities supports two different DDoS types. Image: Cisco Talos

A cryptocurrency mining functionality is also available in Dark Utilities. It is fairly straightforward, as it only allows mining Monero cryptocurrency and only requests the cybercriminals Monero wallet address to work (Figure C).

Figure C

Crypto mining functionality as shown in Dark Utilities.
Crypto mining functionality as shown in Dark Utilities. Image: Cisco Talos

Dark Utilities also provides a way to launch commands on multiple systems in a distributed way, and provides a Discord grabber (Figure D).

Figure D

Dark Utilities provides distributed Discord grabber and command line execution.
Dark Utilities provides distributed Discord grabber and command line execution. Image: Cisco Talos

Dark Utilities panel

Dark Utilities platform makes heavy use of Discord. It is used for user authentication before providing a dashboard to the user. It shows basic statistics such as server health status and latency (Figure E).

Figure E

Statistics and metrics provided in Dark Utilities dashboard.
Statistics and metrics provided in Dark Utilities dashboard. Image: Cisco Talos

A manager administrative panel is also provided to handle all compromised machines belonging to the botnet (Figure F).

Figure F

Administrative panel to control all of the compromised machines.
Administrative panel to control all of the compromised machines. Image: Cisco Talos

SEE: Mobile device security policy (TechRepublic Premium)

IPFS payloads

To successfully register a newly compromised machine, a payload needs to be generated and deployed on the victim’s computer.

The current version of Dark Utilities allows attackers to launch payloads on several different operating systems: Linux, Windows and Python-based implementation. The platform also has support for ARM64 and ARMV71 architectures, which they describe as useful for targeting embedded devices such as routers, phones and Internet of Things (IoT) devices.

Yet one of the most advanced aspects of Dark Utilities lies in the hosting of these payloads, as they are actually stored in the InterPlanetary File System (IPFS), which TechRepublic wrote about recently. IPFS is a distributed peer-to-peer network that works without the need to install any client application. IPFS files are accessed via IPFS gateways, and make it really hard to remove data. It is considered “bulletproof hosting”, as the only way to take down that data from the internet is to take it away from every gateway that shares it.

Talos researchers mention that they “have observed adversaries increasingly making use of this infrastructure for payload hosting and retrieval” and it seems skilled cybercriminals will just make more and more use of that technology to store their malicious content, be it phishing pages or malware payloads.

Who is behind Dark Utilities?

Nickname “inplex-sys” appears to handle Dark Utilities, but there is no indication that this persona actually develops the platform. According to Talos, the persona does not have a long history in the cybercriminal underground space, and limits its activities to messaging/bot platforms such as Telegram and Discord. Also, Dark Utilities has been advertised within the Lapsus$ group shortly after its initial release.

The same moniker has also been used in the video game storefront Steam, advertising for Dark Utilities and a few other fraudulent tools aimed at conducting spam attacks on Discord and Twitch platforms or administrate servers.

SEE: Password breach: Why pop culture and passwords don’t mix (free PDF) (TechRepublic)

How to protect from this threat?

Attackers using Dark Utilities need to find a way to compromise computers on their own. Basic hygiene can prevent compromise:

  • Keep the operating systems and software always up to date and patched, in order to avoid falling for common vulnerabilities.
  • Deploy security tools on endpoints and servers and have them always up to date.
  • Run regular security audits and fix any vulnerability that might emerge from it.

Disclosure: I work for Trend Micro, but the views expressed in this article are mine.

Source link

istanbul escort aksaray escort arnavutköy escort ataköy escort avcılar escort avcılar türbanlı escort avrupa yakası escort bağcılar escort bahçelievler escort bahçeşehir escort bakırköy escort başakşehir escort bayrampaşa escort beşiktaş escort beykent escort beylikdüzü escort beylikdüzü türbanlı escort beyoğlu escort büyükçekmece escort cevizlibağ escort çapa escort çatalca escort esenler escort esenyurt escort esenyurt türbanlı escort etiler escort eyüp escort fatih escort fındıkzade escort florya escort gaziosmanpaşa escort güneşli escort güngören escort halkalı escort ikitelli escort istanbul escort kağıthane escort kayaşehir escort küçükçekmece escort mecidiyeköy escort merter escort nişantaşı escort sarıyer escort sefaköy escort silivri escort sultangazi escort suriyeli escort şirinevler escort şişli escort taksim escort topkapı escort yenibosna escort zeytinburnu escort porno 1080p porno izle 4k porno izle 720p porno izle abella danger alman alman porno alman porno izle aloha tube porno amatör amatör porno amatör porno izle anal anal porno anal porno izle arap porno asa akira porno asyalı porno bangbros porno bangbros porno izle banyoda sikis başörtülü porno beeg porno izle beyaz tenli porno izle biseksuel porno izle bisexsuel porno brandi love porno brazzers brazzers porno izle canli porno canli porno izle çinli porno çinli porno izle ensest porno ensest porno izle ensest seks erotik porno erotik porno izle esmer porno esmer porno izle etek altı fake agent fake taxi fake taxi porno fantazi pornoları fantezi porno izle fetiş porno fetiş porno izle fetish fransız porno fransız porno izle full hd hg porno izle gangbang porno genç kız porno izle genç kız sikişi genç teen porno izle gizli çekim porno gizli çekim pornosu grup pornosu grup porno grup porno izle hd pornolar hd porno hd porno izle hemşire porno hemşire pornosu hizmetçi porno hizmetçi porno izle ingiliz porno japon pornoları japon porno kızlık bozma kızlık bozma porno izle konulu porno konulu porno izle koreli porno köylü pornoları kumral porno kumral porno izle latin pornoları latin porno latin porno izle lezbiyen pornoları lezbiyen porno lezbiyen porno izle lisa ann porno liseli pornoları liseli porno liseli porno izle manken porno manken porno izle masaj porno izle masturbasyon porno izle masturbasyon pornoları mature porno mia khalifa porno mia malkova porno milf porno izle mobil porno mobil porno izle öğrenci porno izle öğretmen porno izle okul porno izle olgun kadın pornosu olgun porno oral porno oral porno izle oral seks porna izle pornhub pornhub porno izle porno film izle porno indir porno izle porno resimler porno star porntube porno izle redtube redtube pornoları riley reid porno rokettube rus pornoları rus porno rus porno izle sakso blowjob porno izle sarışın pornoları sarışın porno sarışın porno izle sarışın pornoları sekreter porno shemale sikiş sikiş sikiş izle şişman porno siyahi pornoları suriyeli pornoları swinger porno tecavüz porno teen porn türbanlı pornoları türbanlı porno türk pornoları türk porno türk porno izle türkçe altyazılı porno türkçe altyazılı porno izle xhamster pornoları xhamster porno xhamster porno izle xnxx xnxx porno xnxx porno izle xvideos xvideos porno izle yaşlı porno yeşilçam porno izle youjizz youporn youporn porno izle zenci porno güvenilir bahis siteleri bahis siteleri casino deneme bonusu casino siteleri deneme bonusu para yatırma bonusu bahis siteleri casino siteleribahis sitesi para yatırma