Option to use the cryptocurrency blockchain as a medium for transferring commands for botnet elements
I would like to develop the idea mentioned in the article “Follow the money: how the RTM group began to hide the addresses of C&C servers in a crypto wallet ” , which packed them into the number of Satoshi listed for two transactions on a specific crypto address. The malware, requesting the transfer data to such an address from the blockchain browser, by means of simple manipulations allocated the IP of the new C&C server.
We omit and condemn the criminal intentions of this group and dwell precisely on the principles and process of transmitting commands to elements of the botnet (EBS).
IMHO, this method has certain drawbacks - the bandwidth of this method (in terms of the amount of information per transfer) is small, and anyone who knows such a crypto address can send a certain amount to it, and sync the botnet, forcing it to contact a “trusted »For them to the server.
However, hidden EBS commands can be sent not to a separate address, but from a separate address A, a priori trusted for them. In this case, no one (except a person holding a private key) can perform such an operation.
The set of commands can be expanded by sending amounts to the addresses generated by the botnet administrator, in the name of which the necessary control information is encoded / encrypted.
In this case, a command of up to 20 bytes (letters, numbers, special characters) is converted (text to hex) to hex and then to a valid crypto address B. In this case, the command itself can be encoded / encrypted.
Let me give you a fantasy example. For clarity (PoC), I used a number of available online services.
1. From a trusted address A, a certain amount is transferred to the generated valid address B.
Example of address B generation: it is necessary to send information about the server 82.192.95.175 to the EBS from which it is possible to receive the update command from the server of module # 68, the activation / deactivation time of the module, as well as the encryption key (or the address of the additional blockchain browser, the execution command no later than the transmitted date, a new trusted crypto address, key, etc. etc. (the key can be sewn into the user agent and transferred only if it is necessary to change it, thereby saving 7 bytes of the command field)).
IP can be converted in a hundred ways, for example 082.192.095.175> 08.21.92.09.51.75 + 32 to each number (avoid unreadable ASCII characters).
Total 40.53.124.41.83.107 = (5 |) Sk represent in ASCII (6 bytes);
Team 68 = D;
The module activation time is 601234 = in Unix time , where the leading digit 1 is redundant, we will not transmit it (it is by default, since a change to 2 will only be in 2033), the lower three digits are also by default 000, because . don't really matter, it's + - 15 minutes.
Activation time - 1601234000 = September 27, 2019 19.13.20 GMT
Next, four digits, until which time the module should run - 0365 (days) from the activation time.
That is 6012340365 = 01665D088Dh = AAHpKn in ASCII. Also suppose the previous key was Key0001.
Total (5 |) SkDAAHpKnKey0002 using RC4 and Key0001 gives in hex: DD F6 B8 16 2A B6 71 97 0F 9F A2 68 79 11 8C B6 31 DA FE 43.
We convert hashtoaddress to a legacy btc address (this can be addressed to other cryptocurrencies dash, ltc, dogecoin, etc., it doesn’t matter, the algorithms for generating crypto addresses are open, the transfer will be cheaper and faster).
We get the address B (legacy) - 1MEdtjmGtqaGPaoYAQn43dkZxiSrSD8gmD.
(I remind you that in front of it is added one “1” - a byte sign , at the end - control 4 bytes).
This resource allows you to see firsthand the step-by-step conversion process (insert DDF6 ... on line 3 (RIPEMD-160 Hash of 2)).
However, in order not to stand out from the set of addresses of the already standard segwit-format, we present our line as (see here ).
Address B (segwit) - bc1qmhmts932kecewrul5f58jyvvkcca4ljrrgmpcd
2. We send a transfer of several hundred / thousand satoshi to this address from trusted A. The transfer amount can also carry information (for example, additional verification on an agreed basis, a command symbol for unconditional destruction / temporary shutdown of the botnet without the need to read the command transmitted in the address, etc.).
I’ll pay special attention to the fact that when sending, it must be borne in mind that the address for delivery must be the same as the address of delivery, or record the electronic address for delivery as a new trusted address.
A transaction is confirmed on average several minutes (subject to payment of a sufficient amount of commission floating depending on the network load).
The cost of transferring an amount of 1 thousand satoshi will be 7 rubles. (plus commission of 2-3 rubles). I repeat that with other cryptocurrencies it can be faster and cheaper by tens / hundreds of times.
3. From the side of the EBS there is a periodic survey of blockchain browsers (by API) from the available list (browsers are presented in a wide assortment) about the transfer from A.
Upon detection of the fact of sending a new transaction from A (and its confirmation), the information contained in the recipient address to which the transfer was made is decrypted (decoded) by the received key and accepted for execution.
Suppose the trusted address is bc1qsj0gm0r2c3hzq9yzfewl34yk2r760hy5za4x3q (segwit format).
At this address, the last outgoing transaction (approx. - not the last one, but this one ) passed to two addresses - bc1qmhmts932kecewrul5f58jyvvkcca4ljrrgmpcd and the change was the same as the sending address.
The transferred amount - 666 Satoshi - we decide that this is a conditional command to perform decoding.
Decode our address back to DDF6 ....
Convert to the form (5 |) SkD34 ,, +! Key0002 and decrypt with the key Key0001 (the key changes to Key0002).
Download the module from the server (access to the server can be implemented using the same key) and wait for the launch date of the module.
I note that it is necessary to use at least several browsers (they may turn off or restrict requests from some countries, such as bitflyer.jp , restricting from Russian and starting from Japanese IP).
The received information can be checked at least on one / two. The choice of browsers is great, only in the Electrum type list there are more than a dozen - blockchair.com, smartbit.com.au, bitupper.com, chain.so and many others. other
Please note that not all browsers support the segwit format. Therefore, you need to choose a middle ground, use the trusted address of the old or new formats.
An example of sending from a trusted address in the old format 186A8D7vdAHpFWdSAFHzZGfi44pPcwtZNc to the generated legacy address in raw
and segwit address
The use of various blockchain browsers emphasize their diversity.
I recall that a hidden message in an address from a transaction to be faked so that it was confirmed is impossible by definition.
I believe some of the points given here are useful to consider for information security experts.
It would be interesting to increase the stability of the botnet, in addition to browsers, to attract the capabilities of full nodes or nodes of popular wallets such as electrum, as well as organize duplex communication by generating the necessary transactions on the side of the electronic banking system. I would be grateful for thoughts on this subject, as well as reasonable criticism and suggestions.
We omit and condemn the criminal intentions of this group and dwell precisely on the principles and process of transmitting commands to elements of the botnet (EBS).
IMHO, this method has certain drawbacks - the bandwidth of this method (in terms of the amount of information per transfer) is small, and anyone who knows such a crypto address can send a certain amount to it, and sync the botnet, forcing it to contact a “trusted »For them to the server.
However, hidden EBS commands can be sent not to a separate address, but from a separate address A, a priori trusted for them. In this case, no one (except a person holding a private key) can perform such an operation.
The set of commands can be expanded by sending amounts to the addresses generated by the botnet administrator, in the name of which the necessary control information is encoded / encrypted.
In this case, a command of up to 20 bytes (letters, numbers, special characters) is converted (text to hex) to hex and then to a valid crypto address B. In this case, the command itself can be encoded / encrypted.
Let me give you a fantasy example. For clarity (PoC), I used a number of available online services.
1. From a trusted address A, a certain amount is transferred to the generated valid address B.
Example of address B generation: it is necessary to send information about the server 82.192.95.175 to the EBS from which it is possible to receive the update command from the server of module # 68, the activation / deactivation time of the module, as well as the encryption key (or the address of the additional blockchain browser, the execution command no later than the transmitted date, a new trusted crypto address, key, etc. etc. (the key can be sewn into the user agent and transferred only if it is necessary to change it, thereby saving 7 bytes of the command field)).
IP can be converted in a hundred ways, for example 082.192.095.175> 08.21.92.09.51.75 + 32 to each number (avoid unreadable ASCII characters).
Total 40.53.124.41.83.107 = (5 |) Sk represent in ASCII (6 bytes);
Team 68 = D;
The module activation time is 601234 = in Unix time , where the leading digit 1 is redundant, we will not transmit it (it is by default, since a change to 2 will only be in 2033), the lower three digits are also by default 000, because . don't really matter, it's + - 15 minutes.
Activation time - 1601234000 = September 27, 2019 19.13.20 GMT
Next, four digits, until which time the module should run - 0365 (days) from the activation time.
That is 6012340365 = 01665D088Dh = AAHpKn in ASCII. Also suppose the previous key was Key0001.
Total (5 |) SkDAAHpKnKey0002 using RC4 and Key0001 gives in hex: DD F6 B8 16 2A B6 71 97 0F 9F A2 68 79 11 8C B6 31 DA FE 43.
We convert hashtoaddress to a legacy btc address (this can be addressed to other cryptocurrencies dash, ltc, dogecoin, etc., it doesn’t matter, the algorithms for generating crypto addresses are open, the transfer will be cheaper and faster).
We get the address B (legacy) - 1MEdtjmGtqaGPaoYAQn43dkZxiSrSD8gmD.
(I remind you that in front of it is added one “1” - a byte sign , at the end - control 4 bytes).
This resource allows you to see firsthand the step-by-step conversion process (insert DDF6 ... on line 3 (RIPEMD-160 Hash of 2)).
However, in order not to stand out from the set of addresses of the already standard segwit-format, we present our line as (see here ).
Address B (segwit) - bc1qmhmts932kecewrul5f58jyvvkcca4ljrrgmpcd
2. We send a transfer of several hundred / thousand satoshi to this address from trusted A. The transfer amount can also carry information (for example, additional verification on an agreed basis, a command symbol for unconditional destruction / temporary shutdown of the botnet without the need to read the command transmitted in the address, etc.).
I’ll pay special attention to the fact that when sending, it must be borne in mind that the address for delivery must be the same as the address of delivery, or record the electronic address for delivery as a new trusted address.
A transaction is confirmed on average several minutes (subject to payment of a sufficient amount of commission floating depending on the network load).
The cost of transferring an amount of 1 thousand satoshi will be 7 rubles. (plus commission of 2-3 rubles). I repeat that with other cryptocurrencies it can be faster and cheaper by tens / hundreds of times.
3. From the side of the EBS there is a periodic survey of blockchain browsers (by API) from the available list (browsers are presented in a wide assortment) about the transfer from A.
Upon detection of the fact of sending a new transaction from A (and its confirmation), the information contained in the recipient address to which the transfer was made is decrypted (decoded) by the received key and accepted for execution.
Suppose the trusted address is bc1qsj0gm0r2c3hzq9yzfewl34yk2r760hy5za4x3q (segwit format).
At this address, the last outgoing transaction (approx. - not the last one, but this one ) passed to two addresses - bc1qmhmts932kecewrul5f58jyvvkcca4ljrrgmpcd and the change was the same as the sending address.
The transferred amount - 666 Satoshi - we decide that this is a conditional command to perform decoding.
Decode our address back to DDF6 ....
Convert to the form (5 |) SkD34 ,, +! Key0002 and decrypt with the key Key0001 (the key changes to Key0002).
Download the module from the server (access to the server can be implemented using the same key) and wait for the launch date of the module.
I note that it is necessary to use at least several browsers (they may turn off or restrict requests from some countries, such as bitflyer.jp , restricting from Russian and starting from Japanese IP).
The received information can be checked at least on one / two. The choice of browsers is great, only in the Electrum type list there are more than a dozen - blockchair.com, smartbit.com.au, bitupper.com, chain.so and many others. other
Please note that not all browsers support the segwit format. Therefore, you need to choose a middle ground, use the trusted address of the old or new formats.
An example of sending from a trusted address in the old format 186A8D7vdAHpFWdSAFHzZGfi44pPcwtZNc to the generated legacy address in raw
and segwit address
The use of various blockchain browsers emphasize their diversity.
I recall that a hidden message in an address from a transaction to be faked so that it was confirmed is impossible by definition.
Algorithm advantages
- There is no C2 server, calls go to blockchain browsers.
- Commands for EBS are unconditionally trusted.
- The medium for sending commands is blockchain, which does not allow blocking the sending / sending of commands.
- Blockchain is an extremely stable system (this does not apply to cryptocurrency volatility).
- Low cost of providing work.
- Simple implementation of the algorithm (open source data and code).
- No need to generate transactions or download blockchain.
Algorithm Features
- Simplex communication.
- Dependence on the stability of the browsers.
- Certain (albeit minimal) financial costs.
I believe some of the points given here are useful to consider for information security experts.
It would be interesting to increase the stability of the botnet, in addition to browsers, to attract the capabilities of full nodes or nodes of popular wallets such as electrum, as well as organize duplex communication by generating the necessary transactions on the side of the electronic banking system. I would be grateful for thoughts on this subject, as well as reasonable criticism and suggestions.
All Articles