THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
| Operation Name | Description | ||
|---|---|---|---|
ACKNOWLEDGE | Operation used by MiNiFi C2 agents to acknowledge the receipt and execution of a C2 server requested operation | ||
CLEAR | Clears flow connection queues or repositories on the C2 agent | ||
| CONSUME | Consumes a heartbeat with an agent to avoid sending from other agents. Allows multiplexing responses from a condensed agent response. | ||
DESCRIBE | Currently Unused | EXECUTE | Executes commands on the agent's operating system. This feature may be disabled for any agent. |
HEARTBEAT | Heartbeat provides status and operational capabilities to C2 server(s) | ||
| PAUSE | Pauses the execution of flows on the C2 agent | ||
| REPLICATE | Replicates agent state between agents, with the ability to place agents in standby mode until they are needed. | ||
RESTART | Restarts C2 agents | ||
RESTART | Restarts C2 agents | ||
| RESUME | Resumes the execution | RESUME | Resumes the execution of flows on the C2 agent |
START | Starts components within the C2 agents | ||
| STOP | Stops components within the C2 agent | SUBSCRIBE | Allows servers or agents to subscribe to an agent's heartbeat , requesting specific information for the next heartbeat. |
| TRANSFER | Transfers an object between the C2 agent and C2 designator. | ||
| UPDATE | Updates components of the C2 agent or the flow configuration. |
...
Operations and their operands for agents
...
| Operation Name | Description | operand/name | content/args | ||||||
|---|---|---|---|---|---|---|---|---|---|
ACKNOWLEDGE | Operation used by MiNiFi C2 agents to acknowledge the receipt and execution of a C2 server requested operation | N/A | |||||||
| CLEAR | Clear repositories | repositories | N/A | ||||||
CLEAR | Clears the connection queues | connection | connection1=<connection name>, connection2=<connection 2> ... Will also accept a list <connection name1>,<connection name2>, ... | ||||||
| CLEAR | |||||||||
| CONSUME | Consumes a heartbeat within an agent to avoid sending from other agents | N/A | N/A | ||||||
| Clears component state | corecomponentstate | ||||||||
DESCRIBE | Return metrics | metrics | metricsClass=<metric class to obtain> | ||||||
| DESCRIBE | Return configuration options | N/Aconfiguration | N/A | ||||||
| DESCRIBE | Return agent manifest | N/Amanifest | N/A | ||||||
| DESCRIBE | policy events – Based on the defined policies | ||||||||
| EXECUTE | Executes commands per the agent's defined policies | command | arguments | ||||||
| Return backtraces from the state monitor | jstack | N/A | |||||||
| DESCRIBE | Return all core component states | corecomponentstate | N/A | ||||||
| HEARTBEAT | HEARTBEAT | heartbeat operation – may contain embedded heartbeats. | HEARTBEAT | N/A | N/Anonce of combined heartbeats | ||||
| PAUSE | Pauses C2 agents | N/A | N/A | REPLICATE | Replicates an Agent's state to another agent; with standby true the replicant is paused and awaits restart. | agent | standby=true/false | REPLICATE | Tells agents to replicate state to nearby agents |
| server | RESTART | Restarts C2 agents | N/A | N/A | |||||
| RESUME | Resumes C2 agents | N/A | N/A | ||||||
START | Starts components within the C2 agents | C2 FlowController <name of component to start> | N/A | ||||||
| STOP | Stops components within the C2 agent | C2 FlowController <name of component to stop> | N/A | SUBSCRIBE | Subscripts a C2 server to internal respondables ( Metrics , configuration, and policy/audit events ) . These will be placed into the heartbeat | enable/disable | subscribe=metrics, subscribe=configuration, subscribe=auditevents | ||
| TRANSFER | Transfers an object between the C2 agent and C2 designator. | N/Adebug | N/A | ||||||
UPDATE | Update flow | configuration | location=<URL to updated flow file> | ||||||
| UPDATE | Update c2 properties | c2 | configkey1=configvalue1, configkey2=configvalue2 ... *configkey1 is a configuration option that is updated and its new value | ||||||
| UPDATE | Update configuration options defined within agent policies | ||||||||
| UPDATE | Update agent | agent | location=<URL to agent binary or diff> partial=true/false ( optional) |
Operations and their operands for agents (Version 3)
...
ACKNOWLEDGE
...
CLEAR
...
connection1=<connection name>, connection2=<connection 2> ...
Will also accept a list
<connection name1>,<connection name2>, ...
...
DESCRIBE
...
UPDATE
...
configkey1=configvalue1, configkey2=configvalue2 ...
*configkey1 is a configuration option that is updated and its new value
...
RESTART
...
START
...
Operations and their operands for agents (Version 2)
...
ACKNOWLEDGE
...
CLEAR
...
connection1=<connection name>, connection2=<connection 2> ...
Will also accept a list
<connection name1>,<connection name2>, ...
...
DESCRIBE
...
UPDATE
...
configkey1=configvalue1, configkey2=configvalue2 ...
*configkey1 is a configuration option that is updated and its new value
| property | properties | propertykey1=propertyvalue1, propertykey2=propertyvalue2 ... |
...
RESTART
...
START
...
Operations and their operands for agents (Version 1)
| Operation Name | Description | operand/name | content/args |
|---|---|---|---|
UPDATE | Update flow | configuration | location=<URL to updated flow file>
Future Work
Future architecture of C2 should be open to the discussion of distributed architectures and multiple heads ( i.e. in a client server multiple client/servers in the case where we can talk to geographically distributed agents ).
...