Scribd
Upload
160 views

C2 Matrix

This document provides a summary of various command and control (C2) tools, including their name, license, price (if commercial), and GitHub/website links. There are over 50 C2 tools listed spanning a variety of licenses from commercial to open source licenses like MIT, BSD, and GPL. The C2 tools cover different programming languages and platforms including .NET, Python, OSX, and more.

Uploaded by

etilawol
Copyright
© © All Rights Reserved
Available Formats
Download as XLSX, PDF, TXT or read online on Scribd
160 views

C2 Matrix

This document provides a summary of various command and control (C2) tools, including their name, license, price (if commercial), and GitHub/website links. There are over 50 C2 tools listed spanning a variety of licenses from commercial to open source licenses like MIT, BSD, and GPL. The C2 tools cover different programming languages and platforms including .NET, Python, OSX, and more.

Uploaded by

etilawol
Copyright
© © All Rights Reserved
Available Formats
Download as XLSX, PDF, TXT or read online on Scribd
You are on page 1/ 30

C2 Info

Name License Price GitHub Site


AirStrike NA NA https://github.com/smokeme/airstrike
Alan Created Commons NA https://github.com/enkomio/AlanFramework
Alchimist NA NA https://blog.talosintelligence.com/2022/10/alchimist-off
Ares NA NA https://github.com/sweetsoftware/Ares
AsyncRAT-C# MIT NA https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp
AtlasC2 MIT NA https://github.com/Gr1mmie/AtlasC2
https://grimmie.net/atlasc2-carrying-the-weight-of-net-a
BabyShark NA NA https://github.com/UnkL4b/BabyShark
Badrats GNU GPL3 NA https://gitlab.com/KevinJClark/badrats
BlackMamba MIT NA https://github.com/loseys/BlackMamba
Brute Ratel Commercial $2,500 https://bruteratel.com/
Bunraku Apache 2 NA https://github.com/theshadowboxers/bunraku
C3 BSD3 NA https://github.com/FSecureLABS/C3
https://labs.f-secure.com/tools/c3/
CALDERA Apache 2 NA https://github.com/mitre/caldera
Callidus GNU GPL3 NA https://github.com/3xpl01tc0d3r/Callidus
CHAOS BSD3 NA https://github.com/tiagorlampert/CHAOS
Cobalt Strike Commercial $5,900 https://www.cobaltstrike.com/
Covenant GNU GPL3 NA https://github.com/cobbr/Covenant
https://cobbr.io/tags#covenant
DaaC2 NA NA https://github.com/crawl3r/DaaC2
Dali MIT NA https://github.com/h0mbre/Dali
https://h0mbre.github.io/Image_Based_C2_PoC/
DarkFinger MIT NA https://github.com/hyp3rlinx/DarkFinger-C2
DBC2 NA NA https://github.com/Arno0x/DBC2
DcRat MIT NA https://github.com/qwqdanchun/DcRat
DeimosC2 MIT NA https://github.com/DeimosC2/DeimosC2
Disctopia GNU GPL3 NA https://github.com/3ct0s/disctopia-c2
Eggshell GNU GPL2 NA https://github.com/neoneggplant/EggShell
emp3r0r MIT NA https://github.com/jm33-m0/emp3r0r
Empire BSD3 NA https://github.com/BC-SECURITY/Empire
EvilOSX GNU GPL3 NA https://github.com/Marten4n6/EvilOSX
Faction C2 BSD3 NA Taken down
FlyingAFalseFlag GNU GPL3 NA https://github.com/monoxgas/FlyingAFalseFlag
FudgeC2 GNU GPL3 NA https://github.com/Ziconius/FudgeC2
GC2-sheet NA NA https://github.com/looCiprian/GC2-sheet
gcat BSD2 NA https://github.com/byt3bl33d3r/gcat
GoBot2 MIT NA https://github.com/SaturnsVoid/GoBot2
GodGenesis NA NA https://github.com/SaumyajeetDas/GodGenesis
godoh GNU GPL3 NA https://github.com/sensepost/goDoH
Google Socks NA NA https://github.com/lukebaggett/google_socks
GRAT2 GNU GPL3 NA https://github.com/r3nhat/GRAT2
Grim Reaper C2 GNU GPL3 NA https://github.com/d4rckh/grc2
HARS MIT NA https://github.com/onSec-fr/Http-Asynchronous-Reverse-Shell
Haven Commercial Contact Sales https://pivotlabs.dev/haven/
https://docs.pivotlabs.dev/index.html
Havoc GNU GLP3 NA https://github.com/HavocFramework/Havoc
Heroinn GNU GPL3 NA https://github.com/b23r0/Heroinn
HTTP-RevShell GNU GPL3 NA https://github.com/3v4Si0N/HTTP-revshell
ibombshell GNU GPL3 NA https://github.com/ElevenPaths/ibombshell
INNUENDO Commercial Contact Sales https://www.immunityinc.com/products/innuendo/
Khepri Apache 2 NA https://github.com/geemion/Khepri
Koadic C3 Apache 2 NA https://github.com/zerosum0x0/koadic
Link GNU GPL3 NA https://github.com/postrequest/link
LOLBITS GNU GPL3 NA https://github.com/Kudaes/LOLBITS
MacC2 BSD3 NA https://github.com/cedowens/MacC2
MacShellSwift NA NA https://github.com/cedowens/MacShellSwift
MACE NA NA https://github.com/nickvangilder/most-average-c2-ever
MeetC2 NA NA https://github.com/CMatri/MeetC2
Merlin GNU GPL3 NA https://github.com/Ne0nd0g/merlin
https://merlin-c2.readthedocs.io/en/latest/
Metasploit BSD3 NA https://github.com/rapid7/metasploit-framework
https://metasploit.com
Meteor GNU GPL3 NA https://github.com/degenerat3/meteor
Meterpeter NA NA https://github.com/r00t-3xp10it/meterpeter
MicroBackdoor GNU GPL3 NA https://github.com/Cr4sh/MicroBackdoor
MikeC2 MIT NA https://github.com/mlgualtieri/PurpleTeamSummit/tree/main/Summit-M
MiniC2 NA NA https://github.com/RickConsole/minic2
Mistica GNU GPL3 NA https://github.com/IncideDigital/Mistica
Manjusaka NA NA https://github.com/YDHCUI/manjusaka
Mythic BSD3 NA https://github.com/its-a-feature/Mythic
https://docs.mythic-c2.net/
Mythic-Apollo BSD3 NA https://github.com/MythicAgents/Apollo
Mythic-Medusa NA NA https://github.com/MythicAgents/Medusa
Nebula MIT NA https://github.com/gl4ssesbo1/Nebula
Nighthawk Commercial £22,500 https://www.mdsec.co.uk/nighthawk/
Nimbo-C2 MIT NA https://github.com/itaymigdal/Nimbo-C2
Ninja GNU GPL3 NA https://github.com/ahmedkhlief/Ninja/
https://shells.systems/introducing-ninja-c2-the-c2-built-f
NorthStarC2 GNU GPL3 NA https://github.com/EnginDemirbilek/NorthStarC2
Nuages NA NA https://github.com/p3nt4/Nuages
Octopus GNU GPL3 NA https://github.com/mhaskar/Octopus
https://shells.systems/unveiling-octopus-the-pre-operati
OffensiveNotion MIT NA https://github.com/mttaggart/OffensiveNotion
OST Stage 1 Commercial Check Site https://outflank.nl/services/outflank-security-tooling/
Oyabun C2 Commercial $200 https://redcodelabs.io/oyabun/
Palinka NA NA https://github.com/lapolis/palinka_c2
PetaQ MIT NA https://github.com/fozavci/petaqc2
PickleC2 NA NA https://github.com/xRET2pwn/PickleC2
https://picklec2.readthedocs.io/en/latest/
PoshC2 BSD3 NA https://github.com/nettitude/PoshC2/
https://poshc2.readthedocs.io/en/latest/
PowerHub MIT NA https://github.com/AdrianVollmer/PowerHub
Prelude Commercial Check Site https://github.com/preludeorg/
https://www.prelude.org/
Prismatica MIT NA https://github.com/Project-Prismatica
http://prismatica.io/
Proton GNU GPL3 NA https://github.com/entynetproject/proton
Pupy BSD3 NA https://github.com/n1nj4sec/pupy
QuasarRAT MIT NA https://github.com/quasar/QuasarRAT
RATel MIT NA https://github.com/FrenchCisco/RATel
Red Team Toolkit Commercial $7,000 https://www.netspi.com/technology/red-team-toolkit/
RedbloodC2 NA NA https://github.com/kira2040k/RedbloodC2
RedditC2 GNU GPL3 NA https://github.com/kleiton0x00/RedditC2
RedHerd Framework MIT NA https://github.com/redherd-project/redherd-framework
https://redherd.readthedocs.io
redViper NA NA https://github.com/itsKindred/redViper
ReverseTCPShell NA NA https://github.com/ZHacker13/ReverseTCPShell
sak1to-shell NA NA https://github.com/d4rk007/sak1to-shell
Sandman NA NA https://github.com/Idov31/Sandman
SCYTHE Commercial Contact Sales https://github.com/scythe-io
https://scythe.io
Secret Handshake MIT NA https://github.com/jconwell/secret_handshake
Serpentine MIT NA https://github.com/jafarlihi/serpentine
Shad0w MIT NA https://github.com/bats3c/shad0w
Shadow Workers MIT NA https://github.com/shadow-workers/shadow-workers
SharpC2 GNU GPL3 NA https://github.com/rasta-mouse/SharpC2
https://rastamouse.me/2020/05/sharpc2/
SharpGmailC2 MIT NA https://github.com/reveng007/SharpGmailC2
SilentTrinity GNU GPL3 NA https://github.com/byt3bl33d3r/SILENTTRINITY
SK8PARK/RAT NA NA https://github.com/slyd0g/
Slack-C2Bot NA NA https://github.com/praetorian-inc/slack-c2bot
Slackor GNU GPL3 NA https://github.com/n00py/Slackor
Sliver GNU GPL3 NA https://github.com/BishopFox/sliver
SQLC2 BSD3 NA https://github.com/NetSPI/SQLC2
Striker NA NA https://github.com/4g3nt47/Striker
Throwback GNU GPL2 NA https://github.com/silentbreaksec/Throwback
ThunderShell GNU GPL3 NA https://github.com/Mr-Un1k0d3r/ThunderShell
ToRat Unlicense NA https://github.com/lu4p/ToRat
Trevor BSD3 NA https://github.com/trustedsec/trevorc2/
TripleCross GNU GPL3 NA https://github.com/h3xduck/TripleCross
Twittor MIT NA https://github.com/PaulSec/twittor
Violent Fungus BSD3 NA https://github.com/sogonsec/ViolentFungus-C2
VirusTotalC2 NA NA https://github.com/D1rkMtr/VirusTotalC2
Void-RAT NA NA https://github.com/KadeDev/Void-RAT
Voodoo Commercial $2,000 https://s2.security/voodoo/
WarFox BSD3 NA https://github.com/FULLSHADE/WarFox/
WEASEL MIT NA https://github.com/facebookincubator/WEASEL
Zuthaka BSD3 NA https://github.com/pucarasec/zuthaka
C2 Matrix Info
Twitter Evaluator Date Version Implementation How-To Slingshot
@q8fawazo Contribute 10/2/2022
@s4tan @s4tan 9/10/2021 4 binary
sintelligence.com/2022/10/alchimist-offensive-framework.html
@TalosSecurity ###
@nas_bench 5/27/2021 N/A Python
/AsyncRAT-C-Sharp Contribute
@gr1mmie @Adam_Mashinch3/20/2022 C# Yes
@UnkL4b @nas_bench 6/8/2021 Beta 1.0
@GuhnooPlusLinux Contribute
Contribute
@NinjaParanoid @NinjaParanoid 3/19/2021 0.3 binary
oxers/bunraku Contribute
@FSecureLabs @ajpc500 6/30/2021 1.3
@jorgeorchilles 10/6/2019 2 pip3 Yes
@chiragsavla94 @chiragsavla94 5/8/2020 Yes
@tiagorlampert @leekirkpatrick4 5/14/2020 3 Go No
altstrike.com/ @TimMedin ### 3.14 binary
@cobbr_io @jorgeorchilles 10/6/2019 0.3 Docker Yes Yes
Contribute
@h0mbre_ @jorgeorchilles ### POC pip3
@hyp3rlinx @nas_bench 7/4/2021 POC Python
Contribute
@qwqdanchun Contribute
@CharlesDardaman @jasc22 9/17/2020 1.1.0 Beta Golang
Contribute
Contribute
Contribute
@BCSecurity1 @jorgeorchilles 1/30/2020 3.0.5 install.sh Yes Yes
@cabbagesalad2 ### 7.2.1 pip3
@jorgeorchilles ### NA install.sh Yes Yes
yingAFalseFlag @jorgeorchilles ### POC pip3
@Ziconius @jorgeorchilles 2/11/2020 Beta pip3
@loogrz Contribute
@byt3bl33d3r Contribute
Contribute
@SaumyajeetDas21 Contribute
@leonjza @cabbagesalad2 ### 1.6 binary
google_socks
@r3n_hat @r3n_hat 9/1/2021 Beta No
@d4rckh Contribute
p-Asynchronous-Reverse-Shell @leekirkpatrick4 3/24/2020 POC python
tlabs.dev/index.html Contribute
@C5pider Contribute 10/2/2022
Contribute
@3v4Si0N Contribute
@jorgeorchilles ### 0.0.3b pip3 Yes
munityinc.com/products/innuendo/@daveaitel ### 1.7 install.sh
Contribute
@jorgeorchilles 9/27/2019 0xA (10) pip3 Yes Yes
Contribute
@Kurosh2907 Contribute
Contribute
@cedowens @Adam_Mashinch ### N/A python Yes
r/most-average-c2-ever Contribute
Contribute
@merlin_c2 @jorgeorchilles 11/4/2019 0.8.0 Binary Yes Yes
@metasploit @busterbcook 12/4/2019 5.0.62 Ruby
Contribute
/meterpeter Contribute
@d_olex Contribute
@mlgualtieri Contribute 5/25/2021 C# / PHP No No
@ConsoleRick Contribute
Contribute
Contribute
@its_a_feature_ @jorgeorchilles 10/6/2019 1.3 Docker Yes
@djhohnstein Contribute
@ajpc500 Contribute
Contribute
@MDSecLabs @domchell ### 0.1 Binary
Contribute
tems/introducing-ninja-c2-the-c2-built-for-stealth-red-team-operations/
@leekirkpatrick4 4/3/2020 Beta python
ilek/NorthStarC2 Contribute
@xp3nt4 @xp3nt4 ### 1 Node.Js Yes
@mohammadaskar2 @jorgeorchilles ### v1.0 Beta pip3
@mttaggart @huskyhacksmk
@OutflankNL @MarcOverIP 11/5/2021 SaaS
@redcode_labs Contribute
@l4p0lis Contribute
Contribute
@RET2_pwn Contribute
@Nettitude_Labs @jorgeorchilles 9/11/2021 7.4.0 install.sh Yes Yes
@mr_mitm @jorgeorchilles ### 1.3 pip3 Yes
@preludeorg @bfuzzy1 1/15/2021 0.9.12 Binary No No
@PPrismatica @0sm0s1z ### 0.01 Docker
@enty8080 Contribute 5 install.sh
@n1nj4sec Contribute
@leekirkpatrick4 5/20/2020 1.3.0.0 C#
Contribute
@SilentBreakSec @dmay3r ### 2.63 install.sh
@kira_321k Contribute
@kleiton0x7e @t4tchContribute
@RedHerdProject Contribute 9/29/2021 0.0.4 JavaScript / Docker
Contribute
@ZHacker13 @jorgeorchilles ### NA PowerShell
Contribute
Contribute
@scythe_io @Adam_Mashinch 7/7/2020 3 Binary
@turboCodr Contribute
Contribute
@_batsec_ Contribute
kers/shadow-workers Contribute
@_RastaMouse @_xpContribute
@reveng007 Contribute
@byt3bl33d3r @0sm0s1z ### 0.4.6dev Binary Yes Yes
@slyd0g Contribute Yes
nc/slack-c2bot Contribute
Contribute
@LittleJoeTables @rk@jorgeorchilles 11/5/2019 0.0.6 Binary Yes Yes
Contribute
@UmarAbdoul Contribute
@SilentBreakSec @malcomvetter 2/24/2020 Aug 2017 shell script Yes
r/ThunderShell Contribute
@lu4p3 Contribute
@HackingDave @cabbagesalad2 ### 1.1 pip3 Yes
@h3xduck Contribute
Contribute
olentFungus-C2 Contribute
@D1rkMtr Contribute
Contribute
@professor__plum @kevinlustic 2/12/2020 0.2.3 run.py
Contribute
@ucsenoi @jorgeorchilles 12/3/2019 1 pip3
@pucara Contribute
Language UI Dark Implant
Kali Server Implant Multi-User UI Mode API Windows Linux

.NET C/Asm No No No No Yes No


Go Yes Web Yes Yes
Python Python No Web Yes and onlYes Yes Yes

C# C# CLI
Python Bash No Web Yes and onl No No Yes

Golang C, x64 Asm Yes GUI Yes Yes Yes No

.NET Core C++ Yes GUI Yes Yes Yes No


Python Go Yes Web Yes Yes Yes
.Net Core .Net Core No CLI No Yes No
Go Go No CLI No Yes Yes
Java C Yes GUI No Yes No
Yes C# C# Yes Web Yes Yes Yes No

Python Python No CLI No BYOI BYOI


Python Batch No No No No Yes No

Yes No
Golang Golang Yes Web Yes Yes Yes Yes

Yes Python PowerShell Yes GUI Yes Yes Yes Yes


Yes Python Python No GUI No Yes Yes
Yes .NET .NET Yes Web Yes Yes No
Python C++ No CLI No Yes No
Yes Python Powershell Yes Web No Yes No

Yes Go Go No CLI No Yes Yes

No Python C# No CLI No No Yes No


Python C# No CLI No Yes No

Yes Python PowerShell No GUI No Yes Yes


Python Python Yes Web Yes Yes Yes

Yes Python JScript/VBScript No GUI No Yes No

Python Swift No CLI No No No


Python No CLI

Yes Go Go No CLI No Yes Yes


Ruby C/Java/PHP/Python Yes CLI Yes Yes Yes

No PHP C# No CLI No No Yes No

N/A Python
(Mythic is the handler/controller, not the
Yesimplant)
Web Yes Yes Yes
.NET
Python

Python C++ Yes GUI No Yes Yes No


Python Nim
Python C#/PowerShell Yes CLI No Yes No

Python C# Yes Cli Yes Yes Yes


Python PowerShell No GUI No Yes No

Python C++ Yes GUI Yes Yes


Go Go No CLI No Yes Yes

Python PowerShell
Yes Python PowerShell/C#/Python Yes CLI Yes No Yes Yes
Yes Python PowerShell Yes Web No Yes No
No NodeJS Go/Python/JS No GUI Yes Yes Yes Yes
Javascript/Python JScript/.NET/Rust Yes GUI Yes Yes Yes
Python JScript/VBScript
Python Python No CLI No
C# C# No GUI No Yes No

Python C++ No CLI No Yes No

Node.js NA Yes Web Yes Yes Yes* Yes*

PowerShell PowerShell No CLI No Yes No

Python C Yes Web Yes Yes Yes

Yes Python Boolang Yes CLI No Yes No


Python C++ Yes

Yes Go Go Yes CLI No Yes Yes

php C++ Yes Web No Yes No

Python Python/PowerShell No CLI No Yes Yes

Python C++ Yes Web No Yes Yes

Python Python No CLI No Yes Yes


Implant Channel
macOS TCP HTTP HTTP2 HTTP3 DNS DoH ICMP FTP IMAP MAPI SMB

No No Yes No No No No No No No No No
Yes
Yes No Yes No No No No No No No No No

Yes
No No Yes No No No No No No No No No

No Yes Yes No No No No No No No No Yes

No No Yes No No No No No No No No Yes
Yes No Yes No No No No No No No No No
No Yes No No No No No No No No No
Yes Yes No No No No No No No No No No
No Yes Yes No No Yes Yes No No No No Yes
No No Yes No No No No No No No No Yes

BYOI No Yes No No No No No No No No No
No Yes No No No No No No No No No No

No
Yes Yes Yes No No No Yes No No No No No

Yes No Yes No No No No No No No No No
Yes No Yes No No No No No No No No No
No Yes Yes No No No No No No No No No
No No Yes No No No No No No No No No
No No Yes No No No No No No No No No

Yes No No No No Yes Yes No No No No No

No No Yes No No Yes No No No No No No
No No Yes No No No No No No No No No

Yes No Yes No No No No No No No No No
Yes No Yes No No Yes No Yes Yes Yes Yes Yes

No No Yes No No No No No No No No No

Yes No Yes No No No No No No No No No

Yes No Yes Yes Yes No No No No No No No


Yes Yes Yes No No No No No No No No Yes

No Yes Yes No No No No No No No No No

Yes No Yes No No No No No No No No No

No Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes

No No Yes No No No No No No No No No

Yes No Yes No No Yes No No No No No No


No No Yes No No No No No No No No No

Yes Yes
Yes

Yes No Yes No No No No No No No No Yes


No No Yes No No No No No No No No No
Yes Yes Yes No No No No No No No No No
Yes Yes Yes No No No No No No No No No
No Yes No No No No No No No No

No Yes No No No No No No No No No No

No No Yes No No No No No No No No Yes

Yes*

No Yes No No No No No No No No No No

Yes Yes Yes No No Yes No No No No No Yes

No No Yes No No No No No No No No No
No Yes No No No No No No No No No
Yes

Yes Yes Yes No No Yes No No No No No No

No No Yes No No No No No No No No No

Yes No Yes No No No No No No No No No

Yes Yes Yes No No No No No No No No No

Yes No No No No Yes No No No No No No
Capabilities
LDAP Key Exchange Stego Proxy Aware DomainFront Custom Profile Jitter

No Yes No No No Yes Yes

No None No No No Yes Yes

No None No No No No No

Yes Yes No Yes Yes Yes Yes

Yes Yes No Yes No No Yes


None No Yes Yes Yes Yes
None No No No No No
No No No No No No
Yes No Yes Yes Yes Yes
Encrypted Key Exchange No Yes Yes Yes Yes

AES Yes No No No No
No No No Yes No No Yes

Encrypted Key Exchange No Yes No No Yes

Encrypted Key Exchange No Yes Yes Yes Yes


AES No No No Yes No
TLS No Yes No Yes Yes
None No No No No No
None No No No Yes No

None No No No No Yes

No No No Yes No Yes Yes


None No Yes No Yes Yes

None No Yes No No No
Encrypted Key Exchange No Yes Yes Yes Yes

None No No No No No

TLS No No No No No

aPAKE OPAQUE No No Yes No Yes


RSA No Yes Yes No No

No No No No No Yes

Encrypted Key Exchange No No Yes Yes No

Yes Yes No Yes Yes Yes Yes

AES No Yes No Yes No

AES No Yes No No No
AES No No No Yes No

Yes Yes Yes Yes Yes

TLS No Yes Yes Yes Yes


TLS No Yes No No No
No Pre-shared key/TLS No No No No Yes
None No Yes No Yes Yes

TLS No No No No No

Encrypted Key Exchang No Yes Yes Yes No

Yes (SSH) NA NA NA NA NA

None No No No No No

Curve25519 Yes Yes Yes Yes Yes

ECDHE No No Yes No Yes


Encrypted Key Exchang No Yes

mTLS No No No No No

RC4 No Yes No No No

AES No No No Yes Yes

TLS + ChaCha20-Poly1305 No Yes No No Yes

AES No No No No No
Capabilities
Working
Hours Kill Date Chaining Logging In Wild ATT&CK Mapping Dashboard

No No No Yes

No No No Yes No Yes

No No No Yes No Yes

No No Yes Yes Yes Yes

No No Yes Yes No No Yes


No No Yes Yes No Yes Yes
No No No No No No
No No No No No No
No Yes Yes Yes Yes Yes Yes
No Yes Yes Yes No Yes

No No No No No No
No No No No No No No

No Yes Yes Yes No No Yes

Yes Yes No Yes Yes Yes No


No No No No No No
No Yes No Yes No Yes
No No No No No No
No Yes No No No Yes

No No No No No No

No No No No No No No
No No No Yes No No

No No No No No No
No No Yes Yes No Yes

No Yes No Yes Yes Yes No

No No No No No No

No Yes No Yes No No
No No Yes Yes No No

No

No Yes No No No No No

https://blog.talosintelligence.com/20
No No No Yes No Yes

No Yes Yes Yes Yes No Yes

No No No Yes No No

No No No No No No
No No No No Yes Yes No

Yes Yes Yes Yes

Yes Yes Yes Yes Yes Yes No


No No No Yes No No
Yes No Yes Yes No Yes Yes
No No Yes Yes No Yes
No
Yes Yes
No No No No Yes Yes No

No No Yes Yes No No

NA NA NA No Yes**
No
No No No No No No

No Yes Yes Yes No Yes Yes

No No No Yes No No
No

No No No No Yes No

No No No No No Yes

No No No No No No

No Yes Yes Yes No No

No No No No No No
Detection Actively Maint.
SOCKS Support Blog C2-Matrix Indicators JARM <12 mo

Yes

Yes Yes No
1dd40d40d00040d1dc1dd40d1dd40d3df2d6a0c2caaa0dc59908f0d3602943
No

Yes

Yes
Yes Yes

.com/blog/print-c2/ - Yara Rule from FireEye - https://www.fireeye.com/blog/threat-research/2021/05/shining-a-light-on-darkside-ransom


Yes
Yes Yes
No
Yes Yes
Yes Yes
07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1
Yes
Yes Yes

Yes
Yes
No

00000000000000000041d00000041d9535d5979f591ae8e547c5e5743e5b64
Yes
Yes Yes

0ad0ad0000ad0ad22c42d42d000000088658245da669bb571fc2a62dd80912
Yes Yes
Yes
No
Yes
Yes

No

Yes Yes
No
Yes
Yes Yes

Yes

Yes
Yes

Yes Yes

2ad2ad0002ad2ad22c42d42d000000faabb8fd156aa8b4d8a37853e1063261
2ad000000000000000000000000000eeebf944d0b023a00f510f06a29b4f46
Yes

Yes 29d21b20d29d29d21c41d21b21b41d494e0df9532e75299f15ba73156cee38
Yes
Yes 07d14d16d21d21d00042d43d000000aa99ce74e2c6d013c745aa52b5cc042d
Yes Yes

Yes

No No No

https://blog.talosintelligence.com/2022/08/manjusaka-offensive-framework.html
2ad2ad0002ad2ad00042d42d000000ad9bf51cc3f5a1e29eecb81d0c7b06eb
Yes
Yes
Yes

Yes No Yes

Yes Yes

Yes
Yes

Yes

Yes
2ad2ad0002ad2ad22c42d42d000000faabb8fd156aa8b4d8a37853e1063261
Yes
Yes
No No Yes
Yes

Yes
Yes Yes

Yes

Yes
Yes
Yes No

2ad2ad16d2ad2ad22c42d42d0000006f254909a73bf62f6b28507e9fb451b5
Yes

No

No
No
Yes
No
Yes 2ad2ad0002ad2ad00041d2ad2ad41da5207249a18099be84ef3c8811adc883
Yes

Yes No

//nasbench.medium.com/understanding-detecting-c2-frameworks-trevorc2-2a9ce6f1f425 Yes

No

No
Yes

Yes Yes
Yes
Support
Slack Slack Members GH Issues Notes

No No All code is executed in memory

NA 158

#c3 bloodhoundgang.herokuapp.com 320 6 Asana - Dropbox - GoogleDrive - GitHub - Slack - O365 - LDAP - Print
http://mitre-caldera.slack.com/ 181
O365 services: Outlook, OneNote, Teams
No NA 13
No NA NA
#covenant bloodhoundhq.slack.com 665 108

No NA 0 Uses Imgur

Dropbox

No NA 9

#psempire bloodhoundhq.slack.com 1299 61 Dropbox, OneDrive


No NA 89
#factionc2 bloodhoundhq.slack.com 203 38
No NA 1 PostOffice EWS SendGrid & Addendum VirusTotal
#fudgec2 bloodhoundhq.slack.com NA 3
Google Sheets and Drive

No NA 1

No NA 0 Encrypted Communication using XOR


Previously NimC2
No NA 2

No NA 5
No NA NA

No NA 94 Requires valid cert for HTTPS

8b4d8a37853e1063261
No NA 0

#merlin bloodhoundhq.slack.com 278 57 Gandalf: https://github.com/r00t0v3rr1d3/merlin/tree/dev


metasploit.slack.com 4653 3953

No NA 0

No The MikeC2 agent is best loaded with MikeDrop

#ApFell bloodhoundgang.herokuapp.com180 14
Implant for Mythic

Yes NA NA

No NA 4 Built on top of leaked MuddyC3

No NA 0 Implants can be built and customized easily


No NA 3

Yes, private Focus on Stage 1 type of functionality. Available as part of larger OS

https://labs.nettitude.com/blog/detecting-poshc2-indicators-of-compromise/
poshc2.slack.com 44 https://labs.nettitude.com/blog/detecting-poshc2-indicators-of-com
No NA 38
No N/A 6 Community is free, Professional $50 per user, Enterprise $1,000 a m
No NA 1
No NA 4
No NA 596
No NA 529

No NA NA

No No (*) Implant refers to the supported OS for the assets. (**) ATT&CK
No NA 0
No NA 0 Direct, constant TCP connection

No NA NA

#silenttrinity bloodhoundhq.slack.com 489 67


No NA 0 SK8PARK is server and SK8RAT is implant
Slack

No NA 131 Good for evasion

No NA 1 No updates in 5 years; web UI not authenticated

No NA 5

Twitter

No NA
s2universe.slack.com 189 NA Community edition available for evaluation and linked off the main

No NA 3 Beacons via DNS


b - Slack - O365 - LDAP - Printer - Unc Share File - MSSQL
1d3/merlin/tree/dev

Available as part of larger OST offering with multiple initial access and post-ex capabilities

ting-poshc2-indicators-of-compromise/
r user, Enterprise $1,000 a month up to 10 users

or the assets. (**) ATT&CK Mapping is easly integrated through custom topics, the default is CKC Mapping.

tion and linked off the main site

You might also like