A Scalable Telegram-Based Botnet Framework for Stealthy Remote Command and Control
DOI: https://doi.org/10.54654/isj.v2i25.1102
Keywords: social media, command and control, botnet, information security
Abstract
In this study, we analyze how Telegram Bots can be abused as Command and Control (C2) infrastructure in cyberattacks. We propose a Telegram-based C2 model in which commands and results are relayed through Telegram's Bot API, so the attacker can control compromised systems without operating a C2 server of their own; this improves anonymity and evasion, because the bot traffic goes to a legitimate, widely used service rather than to attacker-controlled infrastructure. We further introduce detection and defense strategies based on network behavior monitoring and encrypted message analysis.
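The abstract names network behavior monitoring as one defense but does not describe the method. The following is an added example, not code from the paper, of the kind of check a defender would run on proxy or TLS-inspection logs: because Bot API traffic is TLS to the public hostname api.telegram.org, message content is opaque, so the detectable signals are behavioral, namely near-constant polling intervals from one host (the bot calling getUpdates on a timer) and one bot token appearing from several internal hosts (one operator driving many machines). The log lines, IP addresses and bot tokens below are constructed for the example; the log format (timestamp, source IP, host, method, path) and the thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

TELEGRAM_API_HOST = "api.telegram.org"  # public hostname of the Telegram Bot API
BOT_PATH_RE = re.compile(r"^/bot([^/]+)/(\w+)")  # Bot API paths have the form /bot<token>/<method>

# Constructed proxy log excerpt (not from the paper). Fields: timestamp, source IP, host, method, path.
# The tokens are made-up placeholders in the Bot API's "<id>:<secret>" shape.
SAMPLE_LOG = """\
2024-05-01T10:00:00 10.0.0.5 api.telegram.org POST /bot100200300:FAKEtokenAAAA/getUpdates
2024-05-01T10:00:00 10.0.0.7 www.example.com GET /index.html
2024-05-01T10:01:01 10.0.0.5 api.telegram.org POST /bot100200300:FAKEtokenAAAA/getUpdates
2024-05-01T10:01:30 10.0.0.9 api.telegram.org POST /bot100200300:FAKEtokenAAAA/getUpdates
2024-05-01T10:01:59 10.0.0.5 api.telegram.org POST /bot100200300:FAKEtokenAAAA/getUpdates
2024-05-01T10:03:00 10.0.0.5 api.telegram.org POST /bot100200300:FAKEtokenAAAA/getUpdates
2024-05-01T10:03:12 10.0.0.7 www.example.com GET /news
2024-05-01T10:04:01 10.0.0.5 api.telegram.org POST /bot100200300:FAKEtokenAAAA/getUpdates
2024-05-01T10:05:00 10.0.0.5 api.telegram.org POST /bot100200300:FAKEtokenAAAA/sendMessage
2024-05-01T10:07:45 10.0.0.9 api.telegram.org POST /bot100200300:FAKEtokenAAAA/getUpdates
2024-05-01T10:09:00 10.0.0.12 api.telegram.org GET /bot999:DEVtesting/getMe
"""


def parse_log(text):
    """Parse space-separated proxy lines into records; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, src, host, method, path = parts
        m = BOT_PATH_RE.match(path)
        records.append({
            "time": datetime.fromisoformat(ts),
            "src": src,
            "host": host,
            "method": method,
            "token": m.group(1) if m else None,       # bot token embedded in the URL path
            "api_method": m.group(2) if m else None,  # getUpdates, sendMessage, ...
        })
    return records


def find_beaconing(records, min_events=4, max_cv=0.15):
    """Flag source hosts whose Bot API requests arrive at near-constant intervals.

    Returns {src: {"events": n, "mean_interval": seconds, "cv": ratio}}. The coefficient
    of variation (stddev / mean of the inter-request gaps) is low for timer-driven polling
    and high for human-driven use; thresholds are assumptions for the example.
    """
    by_src = defaultdict(list)
    for r in records:
        if r["host"] == TELEGRAM_API_HOST:
            by_src[r["src"]].append(r["time"])
    hits = {}
    for src, times in by_src.items():
        if len(times) < min_events:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            hits[src] = {"events": len(times), "mean_interval": avg, "cv": cv}
    return hits


def find_shared_tokens(records, min_hosts=2):
    """Flag bot tokens seen from several internal hosts: one bot account driving many machines."""
    hosts_by_token = defaultdict(set)
    for r in records:
        if r["host"] == TELEGRAM_API_HOST and r["token"]:
            hosts_by_token[r["token"]].add(r["src"])
    return {tok: hosts for tok, hosts in hosts_by_token.items() if len(hosts) >= min_hosts}


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for src, info in find_beaconing(recs).items():
        print(f"beaconing: {src} made {info['events']} requests ~{info['mean_interval']:.0f}s apart (cv={info['cv']:.2f})")
    for tok, hosts in find_shared_tokens(recs).items():
        print(f"token {tok[:9]}... shared by {sorted(hosts)}")
```

On the sample, 10.0.0.5 is flagged for polling about once a minute with very little jitter, and the one token is flagged because it is used from both 10.0.0.5 and 10.0.0.9; the single getMe call from 10.0.0.12 trips neither check. Either signal alone can be benign (a developer's own bot polls on a timer too), so in practice both are combined with asset context before blocking api.telegram.org for a host.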
License
Proposed Policy for Journals That Offer Open Access
Authors who publish with this journal agree to the following terms:
1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).