alphasoc / flightsim

A utility to safely generate malicious network traffic patterns and evaluate controls.
https://alphasoc.com

New module: c2-ip #2

Closed chrisforce1 closed 6 years ago

chrisforce1 commented 6 years ago

Let's bring this one back. Contact me on Slack for details around the IP:port feed.

We'd connect to 10 C2 destinations and output would look something like this:

Time      Module   Description
--------------------------------------------------------------------------------
11:26:01  c2-ip    Starting
11:26:02  c2-ip    Preparing random sample of current C2 IP:port pairs
11:26:03  c2-ip    Connecting to 1.2.3.4:1192
11:26:04  c2-ip    Connecting to 2.3.4.5:443
11:26:05  c2-ip    Connecting to 3.4.5.6:71
...
11:26:09  c2-ip    Finished

chrisforce1 commented 6 years ago

Would it be easy to take IP:port pairs from this Twitter feed? Some of the C2s have IP:port pairs already, but many require a DNS resolution step, and then we can just connect to each.
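A sketch of how the module could handle such a feed, added here as an example and not flightsim's own code: entries that already carry an IP are dialed directly, hostnames go through a DNS step first (the resolver is injected so it can be stubbed offline), and each event is printed in the Time/Module/Description layout from the first comment. The feed values below are constructed placeholders, not real indicators.

```go
package main

import (
	"fmt"
	"net"
	"time"
)

// resolveEntries turns "host:port" feed entries into "ip:port" dial strings. IPs pass
// through; hostnames go through lookup (injectable, net.LookupHost in real use).
func resolveEntries(entries []string, lookup func(string) ([]string, error)) (targets []string, skipped []error) {
	for _, e := range entries {
		host, port, err := net.SplitHostPort(e)
		if err != nil {
			skipped = append(skipped, fmt.Errorf("%q: %w", e, err))
			continue
		}
		if net.ParseIP(host) == nil { // hostname, so resolve before dialing
			addrs, err := lookup(host)
			if err != nil || len(addrs) == 0 {
				skipped = append(skipped, fmt.Errorf("%q: DNS resolution failed: %v", e, err))
				continue
			}
			host = addrs[0]
		}
		targets = append(targets, net.JoinHostPort(host, port))
	}
	return targets, skipped
}

// logLine renders one event in the Time/Module/Description layout shown above.
func logLine(t time.Time, msg string) string {
	return fmt.Sprintf("%s  %-8s %s", t.Format("15:04:05"), "c2-ip", msg)
}

func main() {
	feed := []string{"192.0.2.10:1192", "c2.example.invalid:443", "not-a-pair"} // constructed, not real indicators
	targets, skipped := resolveEntries(feed, net.LookupHost)
	for _, err := range skipped {
		fmt.Println(logLine(time.Now(), "Skipping "+err.Error()))
	}
	for _, addr := range targets {
		fmt.Println(logLine(time.Now(), "Connecting to "+addr))
		// A completed TCP handshake is the whole signal: nothing is sent, the socket closes at once.
		if conn, err := net.DialTimeout("tcp", addr, 3*time.Second); err == nil {
			conn.Close()
		}
	}
	fmt.Println(logLine(time.Now(), "Finished"))
}
```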