A recent dark web announcement has revealed the sale of a sophisticated Command and Control (C2) framework named “DIANA,” designed explicitly for advanced threat actors. The seller is offering the complete package, which includes full source code and continuous updates, for $3,700. The seller claims that DIANA is a powerful tool capable of bypassing Endpoint Detection and Response (EDR) solutions, making it an attractive option for cybercriminals looking to conduct stealthy operation
Key Features of DIANA:
- Web-Based C2 Panel: DIANA’s interface is fully web-based and responsive, allowing operators to control it from various devices, including mobile phones. This flexibility ensures ease of use in different environments.
- Advanced Malware Capabilities: Attackers can install implants on target devices and control them remotely. DIANA uses standard technologies like HTTP for compatibility, avoiding the need for proprietary protocols. As a result, the framework remains versatile across different scenarios.
- EDR and IDS Bypass: DIANA can evade detection by EDR and Intrusion Detection Systems (IDS), using legitimate services as a proxy. This approach makes its traffic appear normal, even to network-level protections, significantly increasing its stealth capabilities.
- Customization and Flexibility: Users can customize DIANA’s pre-built payloads with various options to bypass security measures. Additionally, the framework supports collaboration, allowing multiple users to operate on the same target simultaneously. This feature is particularly beneficial for coordinated attacks.
- Stealth Features: DIANA can be deployed behind Cloudflare, which increases its resilience against takedown attempts. Moreover, it includes “decoy pages” that further conceal the C2’s existence, adding another layer of security for the operator.
- Easy Deployment: DIANA is user-friendly, simplifying the setup process. The seller provides a script that automates the installation of web servers, databases, and the framework itself. Consequently, even users with limited technical skills can deploy it effectively.
- Cross-Platform and IoT Compatibility: DIANA is versatile, working on various devices, including IoT, by avoiding the storage of any state on the target device. This feature ensures that DIANA remains operational across different platforms.
The framework is written in multiple programming languages, including PHP, HTML, CSS, JavaScript, Go, Python, MySQL, and Bash, emphasizing its adaptability.
The sale of DIANA underscores the growing sophistication of tools available to cybercriminals. The ability to bypass modern security solutions like EDR and IDS could lead to significant breaches. Therefore, organizations should strengthen their security measures and remain vigilant against such advanced threats
