building-c2-redirector-infrastructure

Fail

Audited by Socket on Jun 23, 2026

2 alerts found:

SecurityMalware
SecurityMEDIUM
SKILL.md
MalwareHIGH
references/api-reference.md

This module/configuration fragment is highly indicative of malicious C2 infrastructure. It implements selective request fingerprinting (User-Agent/URI) to proxy matching traffic to a TEAMSERVER while redirecting non-matching traffic to a DECOY (302), and it includes additional covert ingress options (socat and iptables DNAT) plus disabled upstream TLS verification. The presence of generator tooling tied to Cobalt Strike malleable profiles strongly reinforces intent.

Confidence: 80%Severity: 97%
Audit Metadata
Analyzed At
Jun 23, 2026, 03:42 AM
Package URL
pkg:socket/skills-sh/mukul975%2FAnthropic-Cybersecurity-Skills%2Fbuilding-c2-redirector-infrastructure%2F@4340c77722efaa11dcfa4e13ed8e9fa5bf34e833cf56b51fbd01d7951e270a8e
Security Audit — socket — building-c2-redirector-infrastructure