I think that it would be a good exercise for y’all (myself included) to write some decent malware.
I’ve been rolling the concept for one around in my head for a few weeks and it would be fun to implement, especially with a small team of people working on it.
Here’s a basic concept that is in no way fully fleshed out. The current project name is Murmur.
- Modular: can be expanded at runtime with more modules
- Uses DNS requests to send small amounts of data periodically
- Uses HTTPS POST to send larger data
- Uses HTTPS GET to get modules or commands
- Encapsulates communications in images
Server
- Puts received data into encrypted archives for collection
- Has a front website to seem legit
Encrypted Virtual File System
- Stores files in a virtual file system
- Stores modules, data that needs to be sent to the C&C, and configuration
I have experience with smaller projects, but this would be much, much larger than anything I’ve worked on by myself.
If people would like to work on this with me, send a pm my way and I’ll organize a team.
DNS communications are pretty hard to create covert infrastructure for. Maybe ICMP or something at the lower layers could suffice for small/simple messages.
Also, building the C2 server in a way that it can be stealthily deployed to compromised servers/hosts would be a plus. That would push the module holding and the heavy work to the attacker’s computer, which is much easier to secure and obfuscate.
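The DNS channel sketched above is also the part a defender is most likely to catch: each beacon or data chunk needs a fresh, uncached query name, so the encoded subdomains stand out as long, high-entropy and numerous. The following detection sketch is an added example written for this page, not code from the thread or the Murmur project; the resolver log format ("timestamp client qname qtype") and the sample lines are constructed, and the registrable zone is assumed to be the last two labels.

```python
import math
from collections import Counter

# Constructed sample resolver log (not from the thread): "<ts> <client> <qname> <qtype>".
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.0.0.12 www.example.com A
2024-05-01T10:00:02Z 10.0.0.12 mail.example.com MX
2024-05-01T10:00:03Z 10.0.0.12 update.vendor.test A
2024-05-01T10:00:04Z 10.0.0.37 mfrggzdfmztwq2lknnwg23tpobyxe43uov3ho6dzpi.beacon.test TXT
2024-05-01T10:00:09Z 10.0.0.37 nbswy3dpeb3w64tmmq.7fezbqqq4he2pgkn2.beacon.test TXT
"""

def shannon_entropy(s):
    """Bits per character of s (0.0 for the empty string)."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0

def score_qname(qname, zone_labels=2):
    """0-3 heuristic score for the part left of the zone (assumed to be 2 labels)."""
    sub = qname.lower().rstrip(".").split(".")[:-zone_labels]
    text = "".join(sub)
    if not text:
        return 0
    return sum([max(map(len, sub)) >= 30,        # one very long label
                len(text) >= 40,                 # a lot of payload per query
                shannon_entropy(text) >= 3.5])   # encoded data is high-entropy

def detect_tunneling(log_text, min_score=2, min_unique=20, zone_labels=2):
    """Zones where one query scores >= min_score, or one client sent >= min_unique distinct suspicious subdomains."""
    subs_by_client_zone = {}
    flagged = set()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        client, qname = parts[1], parts[2].lower().rstrip(".")
        labels = qname.split(".")
        zone, sub = ".".join(labels[-zone_labels:]), ".".join(labels[:-zone_labels])
        score = score_qname(qname, zone_labels)
        if score >= min_score:
            flagged.add(zone)
        if sub and score >= 1:
            subs_by_client_zone.setdefault((client, zone), set()).add(sub)
    for (client, zone), subs in subs_by_client_zone.items():
        if len(subs) >= min_unique:
            flagged.add(zone)
    return flagged
```

On the constructed sample, `detect_tunneling(SAMPLE_LOG, min_unique=2)` flags only `beacon.test`; the low `min_unique` is for the five-line sample, a real window of resolver logs would use the default.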
Holy shit, it’s glorious. We need to make a complete remix and have someone sing it. Like, this legitimately needs to be a thing. Hell, why not make a music video too?
Will the code be on a public repo? I’m not skilled enough to participate, but I’d love to see how it actually works.
pry0cc
(Leader & Offsec Engineer & Forum Daddy)
I would suggest that part of the concept would be that a lot of things (data collection, surveillance) would be mostly automated. It could create packages (organized by date) that will upload periodically.
If designed well, it could be designed to operate on a very large scale, with a P2P C&C server. The package idea would also allow for future expansion with air-gaps, offline, etc.
I don’t want to sound like that guy, but python could be a very good choice. STELF is written in python, and pyinstaller does an extraordinarily good job. Much better than I ever dreamed it to be.
What sort of scale is intended for this project, what would be different about this piece of malware, and how can we creatively incorporate new ideas to this?
I’m excited to see this come to fruition. I hope it does and doesn’t just fade away as some projects do.
I’m not so experienced with Python, but isn’t it very unstealthy when running on Windows? If not, I think we could create modules/packages with it, but leave the core in C++. Anyways, looking forward to this project! I always had something similar in mind, and my head is sparkling full of ideas!
Maybe we should do it on our GitLab?
Best, SmartOne
pry0cc
(Leader & Offsec Engineer & Forum Daddy)
pyinstaller compiles to an executable. This is pretty stealthy.