c2-beacon-analysis

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs extracting and printing C2 configuration fields (C2 domains, pipe names, URIs, watermarks, etc.), which requires including sensitive configuration values verbatim in output and therefore presents an exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content is high-risk dual-use malware operational material: it contains explicit instructions and code to locate/decrypt C2 Beacon configurations and enumerate C2 endpoints, plus OPSEC/evasion techniques (process spawn/injection, memory encryption, AMSI/ETW bypasses, indirect syscalls, sleep obfuscation, profile customization) that deliberately enable backdoor operation and make detection/attribution harder.