DiscordCDNDropper
.NET dropper that downloads its payload via the Discord CDN. The payload is stored as a Discord attachment (hidden with a .dat extension). The CDN URL is signed (temporary access). Notable strings: RepositoryTokenFilter, injectlast.
Threat Profile
Type: Loader
Programming Language: C#/.NET
C2 Protocol: HTTPS/Discord CDN
First Seen: 2024
Targets
Global
Purpose / Capabilities
- Dropper/Discord Dead Drop
No C2 servers have been identified for this family yet.
Research Reports (2)
DiscordCDNDropper 41ed808a -- cdn.discordapp.com-attachments Jvvlpovxdup-dat-fake-extension RepositoryTokenFilter injectlast System-Net-Sockets CreateDelegate token-filter Discord-dead-drop | Medium
DiscordCDNDropper 41ed808a PE32 .NET x86 66KB. Discord CDN dead-drop: cdn.discordapp.com attachment Jvvlpovxdup.dat (.dat = hidden PE). RepositoryTokenFilter, injectlast, System.Net.Sockets.
DiscordCDNDropper NET_D3E0800E -- cdn.discordapp.com Jvvlpovxdup.dat Dead Drop Payload, injectlast Token Injection String, RepositoryTokenFilter LoginPredicate Authentication Bypass, System.Net.Sockets Network Connection | High
DiscordCDNDropper 41ed808a PE32 .NET 66KB. cdn.discordapp.com Jvvlpovxdup.dat dead drop payload. injectlast token injection. RepositoryTokenFilter LoginPredicate identity bypass. System.Net.Sockets.