
Virus com?
#1
I want to know what format you guys use to communicate with the CNC: is it JSON or a custom format, and why?
#2
In my experience, JSON is a good format for CNC. It can be exchanged between different programming languages and is easy to work with.
#3
nullcat Wrote: In my experience JSON is a good format for CNC. It can be exchanged between different programming languages and is easy to work with

True, but can't standardize it to allow for file uploads and downloads without base64.
#4
That is true. You should look into custom protocols for communication (JSON packet header and bytes for the packet body).
#5
nullcat Wrote: That is true. You should look into custom protocols for communication (JSON packet header and bytes for the packet body)

I think protobuf or CBOR are great for this.
#6
If you have the time and knowledge to do so, writing your own format using cstructs provides a lot more value to your malware. It makes reversing a lot harder, it reduces the number of bytes sent, it adds less dependence on external stuff (like JSON libraries), it lets you set limits on data sizes (which means you can make your communication look bigger or smaller than it might normally be), and a myriad of other benefits.

For most generic crimeware though, most people will just opt for JSON + TLS and forget about it.

