ATR-2026-00225 | high | Skill Compromise | experimental
Hardcoded Suspicious IP Address in Skill Content
Detects hardcoded IP addresses in skill content that may represent command and control (C2) servers, particularly when associated with suspicious network ranges or known malware infrastructure. The analyzed skill "sakaen736jih/youtube-watcher-p" contains a reference to IP 91.92.242.30, identified as a known malware C2 server.
Severity
high
Category
Skill Compromise
Scan target
skill
Author
ATR Threat Cloud Crystallization
Recommended response
alert, block tool
References
OWASP Agentic
ASI04:2026 - Unbounded Consumption
OWASP LLM
LLM09:2025 - Overreliance
MITRE ATLAS
AML.T0048
Detection conditions
Combination: any
- 01 References to C2 server or malware actor with IP address (field: content, operator: regex)
- 02 Explicit identification of malicious infrastructure with IP (field: content, operator: regex)
- 03 IP address followed by malicious infrastructure terms (field: content, operator: regex)
- 04 Known malicious IP ranges commonly used for C2 (field: content, operator: regex)
- 05 Structured threat intelligence findings format (field: content, operator: regex)
Attack examples (rule triggers)
finding_0: Known malware actor: C2 server at 91.92.242.30
Command control server identified at 185.159.158.42
Malware actor using 194.87.95.123 for C2 communications
Known C2 infrastructure: 91.92.241.15
203.45.67.89 - detected malware server
The above are sanitized versions of real attack payloads, used for regression testing.
Benign samples (rule does not trigger)
Connect to database at 192.168.1.100
API endpoint: https://api.youtube.com/v3/videos
Server configuration: bind to 0.0.0.0:8080
Load balancer IP: 10.0.0.50
Monitor health check to 172.16.0.1
Known false-positive scenarios
- Security research documentation describing C2 patterns
- Threat intelligence feeds in legitimate security tools
- Network monitoring tools documenting suspicious activity
Documented evasion techniques
- Technique: IP defanging
  Server location: 91[.]92[.]242[.]30
  Brackets used to defang IP address in security documentation
- Technique: Base64 encoding
  Base64: OTEuOTIuMjQyLjMw (decodes to suspicious IP)
  IP address encoded in Base64 to evade plain text detection
- Technique: Hexadecimal encoding
  Hex encoded: 5b.5c.f2.1e (91.92.242.30 in hex)
  IP address represented in hexadecimal notation
These are publicly documented bypass techniques. The limitations are disclosed honestly rather than pretending they do not exist.
Full YAML definition
```yaml
title: 'Hardcoded Suspicious IP Address in Skill Content'
id: ATR-2026-00225
rule_version: 1
status: experimental
description: >
  Detects hardcoded IP addresses in skill content that may represent command and control
  (C2) servers, particularly when associated with suspicious network ranges or known
  malware infrastructure. The analyzed skill "sakaen736jih/youtube-watcher-p" contains
  reference to IP 91.92.242.30 identified as a known malware C2 server.
author: "ATR Threat Cloud Crystallization"
date: "2026/04/15"
schema_version: "0.1"
detection_tier: pattern
maturity: experimental
severity: high
references:
  owasp_llm:
    - "LLM09:2025 - Overreliance"
  owasp_agentic:
    - "ASI04:2026 - Unbounded Consumption"
  mitre_atlas:
    - "AML.T0048"
tags:
  category: skill-compromise
  subcategory: c2-communication
  scan_target: skill
  confidence: high
agent_source:
  type: mcp_exchange
  framework: [any]
  provider: [any]
detection:
  conditions:
    - field: content
      operator: regex
      value: '(C2\s+server|command\s+control|malware\s+actor)\s+[^\n]*\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}'
      description: 'References to C2 server or malware actor with IP address'
    - field: content
      operator: regex
      value: '(known|identified|detected)\s+(malware|threat|actor|server)[^\n]*\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}'
      description: 'Explicit identification of malicious infrastructure with IP'
    - field: content
      operator: regex
      value: '\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}[^\n]*(C2|command|control|backdoor|malware)'
      description: 'IP address followed by malicious infrastructure terms'
    - field: content
      operator: regex
      value: '(91\.92\.24[0-9]\.|185\.159\.15[0-9]\.|194\.87\.9[0-9]\.)[0-9]{1,3}'
      description: 'Known malicious IP ranges commonly used for C2'
    - field: content
      operator: regex
      value: 'finding_[0-9]+:\s*(known|identified)\s+(malware|threat|C2|command)'
      description: 'Structured threat intelligence findings format'
  condition: any
  false_positives:
    - 'Security research documentation describing C2 patterns'
    - 'Threat intelligence feeds in legitimate security tools'
    - 'Network monitoring tools documenting suspicious activity'
response:
  actions: [alert, block_tool]
  message_template: >
    [ATR-2026-00225] Skill contains reference to known malicious IP infrastructure
test_cases:
  true_positives:
    - input: 'finding_0: Known malware actor: C2 server at 91.92.242.30'
      expected: triggered
    - input: 'Command control server identified at 185.159.158.42'
      expected: triggered
    - input: 'Malware actor using 194.87.95.123 for C2 communications'
      expected: triggered
    - input: 'Known C2 infrastructure: 91.92.241.15'
      expected: triggered
    - input: '203.45.67.89 - detected malware server'
      expected: triggered
  true_negatives:
    - input: 'Connect to database at 192.168.1.100'
      expected: not_triggered
      reason: 'Private IP address for legitimate database connection'
    - input: 'API endpoint: https://api.youtube.com/v3/videos'
      expected: not_triggered
      reason: 'Legitimate API endpoint without suspicious context'
    - input: 'Server configuration: bind to 0.0.0.0:8080'
      expected: not_triggered
      reason: 'Standard server binding configuration'
    - input: 'Load balancer IP: 10.0.0.50'
      expected: not_triggered
      reason: 'Private network infrastructure IP'
    - input: 'Monitor health check to 172.16.0.1'
      expected: not_triggered
      reason: 'Private IP range for internal monitoring'
evasion_tests:
  - input: 'Server location: 91[.]92[.]242[.]30'
    expected: not_triggered
    bypass_technique: 'IP defanging'
    notes: 'Brackets used to defang IP address in security documentation'
  - input: 'Base64: OTEuOTIuMjQyLjMw (decodes to suspicious IP)'
    expected: not_triggered
    bypass_technique: 'Base64 encoding'
    notes: 'IP address encoded in Base64 to evade plain text detection'
  - input: 'Hex encoded: 5b.5c.f2.1e (91.92.242.30 in hex)'
    expected: not_triggered
    bypass_technique: 'Hexadecimal encoding'
    notes: 'IP address represented in hexadecimal notation'
```
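The three documented evasions get through because every condition matches only dotted-decimal text. The following is an added example, not part of the ATR rule or its engine: a pre-match normalization step that appends the canonical form of defanged, Base64 and hex-dotted addresses before the rule's five regexes run. The names `triggered` and `normalize` are hypothetical, and Python `re` with case-sensitive matching is an assumption about how the engine evaluates `operator: regex`.

```python
import base64
import re

# detection.conditions values copied verbatim from the rule above.
CONDITIONS = [
    r'(C2\s+server|command\s+control|malware\s+actor)\s+[^\n]*\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}',
    r'(known|identified|detected)\s+(malware|threat|actor|server)[^\n]*\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}',
    r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}[^\n]*(C2|command|control|backdoor|malware)',
    r'(91\.92\.24[0-9]\.|185\.159\.15[0-9]\.|194\.87\.9[0-9]\.)[0-9]{1,3}',
    r'finding_[0-9]+:\s*(known|identified)\s+(malware|threat|C2|command)',
]
IPV4 = re.compile(r'(?:\d{1,3}\.){3}\d{1,3}')
# A Base64-encoded dotted-decimal IPv4 string has 10 to 20 data characters.
B64_TOKEN = re.compile(r'(?<![A-Za-z0-9+/])[A-Za-z0-9+/]{10,20}(?![A-Za-z0-9+/])')
HEX_QUAD = re.compile(r'\b(?:[0-9a-fA-F]{2}\.){3}[0-9a-fA-F]{2}\b')


def triggered(content):
    """condition: any. Case-sensitive matching is an assumption about the engine."""
    return any(re.search(p, content) for p in CONDITIONS)


def normalize(content):
    """Return content plus dotted-decimal forms of defanged, Base64 and hex IPs."""
    extra = []
    refanged = content.replace('[.]', '.')
    if refanged != content:
        extra.append(refanged)
    for tok in B64_TOKEN.findall(content):
        try:
            text = base64.b64decode(tok + '=' * (-len(tok) % 4)).decode('ascii')
        except ValueError:  # invalid Base64 or non-ASCII payload
            continue
        if IPV4.fullmatch(text):
            extra.append(text)
    for quad in HEX_QUAD.findall(content):
        if re.search(r'[a-fA-F]', quad):  # skip plain decimal addresses
            extra.append('.'.join(str(int(o, 16)) for o in quad.split('.')))
    return '\n'.join([content] + extra)


# Evasion inputs from the rule; the hex sample omits its parenthetical
# annotation, which itself contains the dotted-decimal address.
EVASIONS = [
    'Server location: 91[.]92[.]242[.]30',
    'Base64: OTEuOTIuMjQyLjMw (decodes to suspicious IP)',
    'Hex encoded: 5b.5c.f2.1e',
]

if __name__ == '__main__':
    for sample in EVASIONS:
        print(triggered(sample), triggered(normalize(sample)), sample)
```

Normalization widens what the rule sees, so the listed false-positive scenarios (defanged indicators in security documentation, for example) will fire more often once it is enabled.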