Discord

Discord is a VoIP and instant messaging social platform.


Malware Hosting

Steps to host malware
Create a new Discord account. Log in and click the plus sign labelled Add a Server on the left-hand side. Create a new server and ensure that it's public. In the general channel, click the plus symbol on the message bar and click upload. Fire up Burp Suite and turn proxy intercept mode on, then click the attachment to intercept the request. Right-click the GET request in Burp Suite and click copy link. You'll now have a direct link to the malware via Discord's CDN.
Use case: Hosting malware with a limited budget
Privileges required: None
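
On the defensive side, files fetched this way appear in web proxy logs as requests to Discord attachment URLs. The following is an added example, not part of the original page: it flags successful downloads of risky file types from Discord's CDN. The log layout, the extension list, the sample lines and the "discord/" user-agent token are assumptions.

```python
import re
from pathlib import PurePosixPath
from urllib.parse import urlsplit

# Hosts that serve Discord attachments.
DISCORD_CDN_HOSTS = {"cdn.discordapp.com", "media.discordapp.net"}
# Extensions treated as risky here (assumption: tune to local policy).
RISKY_EXT = {".exe", ".dll", ".scr", ".msi", ".ps1", ".vbs", ".hta", ".bat", ".iso", ".lnk"}
ATTACHMENT_PATH = re.compile(r"^/attachments/\d+/\d+/([^/]+)$")
# Assumed log layout: timestamp client method url status "user-agent"
LOG_LINE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) (\d{3}) "([^"]*)"$')

# Constructed sample proxy log, not real traffic.
SAMPLE_LOG = """\
2024-01-10T09:12:01Z 10.0.4.17 GET https://cdn.discordapp.com/attachments/111/222/holiday.png 200 "Mozilla/5.0 (Windows NT 10.0) discord/1.0.9030 Electron/22.3.26"
2024-01-10T09:13:44Z 10.0.4.23 GET https://cdn.discordapp.com/attachments/333/444/update.exe?ex=abc 200 "Microsoft BITS/7.8"
2024-01-10T09:15:02Z 10.0.4.31 GET https://media.discordapp.net/attachments/555/666/Invoice.PDF.SCR 200 "Mozilla/5.0 (Windows NT 10.0) discord/1.0.9030 Electron/22.3.26"
2024-01-10T09:16:10Z 10.0.4.40 GET https://example.org/attachments/1/2/tool.exe 200 "curl/8.4.0"
2024-01-10T09:17:55Z 10.0.4.52 GET https://cdn.discordapp.com/attachments/777/888/loader.dll 404 "WindowsPowerShell/5.1"
"""

def suspicious_downloads(log_text):
    """Return successful downloads of risky file types from Discord's CDN."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed layout
        ts, client, method, url, status, agent = m.groups()
        parts = urlsplit(url)
        path = ATTACHMENT_PATH.match(parts.path)
        if (parts.hostname or "").lower() not in DISCORD_CDN_HOSTS or not path:
            continue
        ext = PurePosixPath(path.group(1)).suffix.lower()
        if method != "GET" or not status.startswith("2") or ext not in RISKY_EXT:
            continue
        hits.append({
            "time": ts, "client": client, "file": path.group(1),
            # A fetch by something other than the Discord client (script, BITS,
            # curl) is the stronger signal; the "discord/" token is an assumption.
            "non_client_agent": "discord/" not in agent.lower(),
        })
    return hits

if __name__ == "__main__":
    for hit in suspicious_downloads(SAMPLE_LOG):
        print(hit)
```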

C2 Channel

Steps to set up the C2 channel
Follow the instructions for the additional tooling provided in the references. If you use DiscordGo, you'll have to compile your agent and configure your automation, in addition to making a server, setting up a bot, and configuring the tokens, permissions, and channels.
Use case: Implant management via non-standard C2 platform
Privileges required: None

DLL Hijacking

Steps to sideload a malicious DLL
Attach ProcMon and start the Discord application. Filter for the values "ProcessName Contains Discord", "Result contains NOT FOUND" and "path ends with .dll" to check for viable abuse candidates. Generate a malicious DLL, and use a tool like Invoke-DLLClone to copy the export address table from your target DLL to your malicious one. Place the newly created DLL into the appropriate application folder, and start Discord.
Use case: Sideloading a Malicious DLL
Privileges required: User interaction/User
MITRE ATT&CK®: T1574.002