java開發rip功能（名為DarkUtilities的新興C2）

2023-09-13 07:51:17 1

A nascent service called Dark Utilities has already attracted 3,000 users for its ability to provide command-and-control (C2) services with the goal of commandeering compromised systems.

一項名為Dark Utilities的新興服務已經吸引了 3,000 名用戶，因為它能夠提供命令和控制 (C2) 服務，以徵用受損系統。

"It is marketed as a means to enable remote access, command execution, distributed denial-of-service (DDoS) attacks and cryptocurrency mining operations on infected systems," Cisco Talos said in a report shared with The Hacker News.

思科 Talos在與 The Hacker News 分享的一份報告中表示： 「它被營銷為一種在受感染系統上啟用遠程訪問、命令執行、分布式拒絕服務 (DDoS) 攻擊和加密貨幣挖掘操作的手段。」

Dark Utilities, which emerged in early 2022, is advertised as a "C2-as-a-Service" (C2aaS), offering access to infrastructure hosted on the clearnet as well as the TOR network and associated payloads with support for Windows, Linux, and Python-based implementations for a mere €9.99.

Dark Utilities 於 2022 年初出現，被宣傳為「C2 即服務」（C2aaS），提供對託管在 clearnet 上的基礎設施以及 TOR 網絡和相關有效負載的訪問，並支持 Windows、Linux、和基於 Python 的實現僅需 9.99 歐元。

Authenticated users on the platform are presented with a dashboard that makes it possible to generate new payloads tailored to a specific operating system that can then be deployed and executed on victim hosts.

平臺上經過身份驗證的用戶會看到一個儀錶板，可以生成針對特定作業系統量身定製新的有效負載，然後可以在受害主機上部署和執行。

Additionally, users are provided an administrative panel to run commands on the machines under their control upon establishing an active C2 channel, effectively granting the attacker full access to the systems.

此外，還為用戶提供了一個管理面板，可在建立活動 C2 通道後在其控制的機器上運行命令，從而有效地授予攻擊者對系統的完全訪問權限。

The idea is to enable threat actors to target multiple architectures without requiring significant development efforts. Also extended to its customers are technical support and assistance through Discord and Telegram.

這個想法是使攻擊者能夠針對多個架構而不需要大量的開發工作。還通過Discord 和 Telegram向其客戶提供技術支持和幫助。

"Given the relatively low cost compared to the amount of functionality the platform offers, it is likely attractive to adversaries attempting to compromise systems without requiring them to create their own C2 implementation within their malware payloads," the researchers noted.

研究人員指出：「鑑於與平臺提供的功能數量相比，成本相對較低，它可能對試圖破壞系統而不要求他們在其惡意軟體有效負載中創建自己的 C2 實現的對手有吸引力。」

To add fuel to the fire, the malware artifacts are hosted within the decentralized InterPlanetary File System (IPFS) solution, making them resilient to content moderation or law enforcement intervention in a manner similar to "bulletproof hosting."

為了火上澆油，惡意軟體組件託管在分散的IPFS解決方案中，使其以類似於「防彈託管」的方式對內容審核或執法幹預具有彈性。

"IPFS is currently being abused by a variety of threat actors who are using it to host malicious contents as part of phishing and malware distribution campaigns," Talos researcher Edmund Brumaghin told The Hacker News.

Talos 研究員 Edmund Brumaghin 告訴黑客新聞：「IPFS 目前正被各種威脅行為者濫用，他們使用它來託管惡意程序，作為網絡釣魚和惡意軟體分發活動的一部分。」

"[The IPFS gateway] enables computers on the internet to access contents hosted within the IPFS network without the requirement for a client software installation, similar to how Tor2Web gateways provide that functionality for content hosted within the Tor network."

「[IPFS 網關] 使 Internet 上的計算機無需安裝客戶端軟體即可訪問 IPFS 網絡中託管的內容，類似於 Tor2Web 網關如何為 Tor 網絡中託管的內容提供該功能。」

Dark Utilities is believed to be the handiwork of a threat actor who goes by the moniker Inplex-sys in the cybercriminal underground space, with Talos identifying some sort of a "collaborative relationship" between Inplex-sys and one of the operators of a botnet service called Smart Bot.

Dark Utilities 被認為是在網絡犯罪地下空間中使用綽號 Inplex-sys 的攻擊者的傑作，Talos 確定了 Inplex-sys 與殭屍網絡服務運營商之一之間的某種「合作關係」稱為智慧機器人。

"Platforms like Dark Utilities lower the barrier to entry for cybercriminals entering the threat landscape by enabling them to quickly launch attacks targeting a variety of operating systems," the researchers said.

研究人員說：「像Dark Utilities這樣的平臺降低了網絡犯罪分子進入威脅領域的門檻，使他們能夠快速發起針對各種作業系統的攻擊。」。

"They also offer multiple methods that can be used to further monetize access gained to systems in corporate environments and could lead to further deployment of malware in the environment once initial access has been obtained."

「它們還提供了多種方法，可用於進一步從企業環境中獲得的系統訪問中獲利，一旦獲得初始訪問，可能會導致惡意軟體在環境中進一步部署。」

我有三寶，持而保之：一曰慈，二曰儉，三曰不敢為天下先。

——《道德經.第六十七章》

本文翻譯自：

https://thehackernews.com/2022/08/a-growing-number-of-malware-attacks.html

如若轉載，請註明原文地址

翻譯水平有限 :(

有歧義的地方，請以原文為準 ：）