ioc-analysis
Audited by Socket on Apr 22, 2026
2 alerts found:
Security / Malware: This skill has no obvious malicious payload, installer, or credential-stealing data flow, but its core purpose includes helping red teams design and hide C2 infrastructure, evade IOCs, evade attribution, and accelerate IOC expiry, which is a disproportionate offensive security capability. Overall it should be judged SUSPICIOUS: not confirmed malware, but a high security risk for AI agents.
This fragment provides an attacker-oriented, operationally actionable blueprint for malicious C2 infrastructure: it implements redirector frontends (Apache/Nginx/Cloudflare Worker) that filter inbound requests by IP/User-Agent/path and selectively proxy/fetch allowed endpoints to a hidden TEAMSERVER while redirecting other traffic to legitimate sites to evade scanners. It further includes explicit detection-evasion guidance (TLS/JARM/JA3/JA3S) and infrastructure “burn/rotate” procedures supported by threat-intel lookups and webhook notifications. Overall, it is strongly malicious in intent and capability; it should be treated as a high-risk/likely-malware supply-chain contamination indicator rather than a legitimate dependency.