A multi-user, customizable C2 framework.
Visit the website »
The goal of Maliketh is to provide a flexible, easy-to-use C2 framework that can be customized to fit the needs of the operator. The poster used in the initial presentation is located here.
The initial implant was written in C++ and targets Windows. A Golang implant has also been implemented and supports all major platforms; however, it is not yet feature complete.
The main feature of the implant is its ability to change its behavior based on the configuration file it receives from the server. This allows the operator to customize the implant to fit their needs. The implant also has the following features (see here for more info):
- File upload/download
- Command execution
- Shellcode injection
- Update configuration
- Send system information
- Self-destruct
- Sleep
- Basic anti-debugging
- Very basic anti-VM
- Sleep-skipping detection
Roadmap (a commit hash marks an item that has already been implemented):

- Implement Golang client (0639f87)
- Per-operator builder in-server (917d514)
- Stealer/basic looter
- AV disable (0aeec4c)
- Change design of config to be protocol agnostic
  - i.e. define an HTTPS layer/adapter and separate out the code better
- Keylogger
- Allow implant aliasing/renaming
  - This shouldn't change the actual ID, just create a mapping table
- More fine-grained backend roles and actions (blocking users, % bot allocation)
- Add ability to send a command to every bot
- Floods
- Route RabbitMQ traffic through the Admin listener instead of connecting directly
- Improved anti-VM (check BIOS information)
  - Not bad in the Golang implant
- More stable file uploads/downloads (91a40f2)
- Basic OS functions built in (91a40f2)
- Situational awareness (91a40f2)