DiscordCDNDropper

.NET dropper that downloads payload via Discord CDN. Payload is stored as Discord attachment (hidden with .dat extension). CDN URL signed (temporary access). RepositoryTokenFilter, injectlast strings.

Threat Profile
Type Loader
Programming LanguageC#/.NET
C2 ProtocolHTTPS/Discord CDN
First Seen2024
Targets Küresel
Purpose / Capabilities
  • Dropper/Discord Dead Drop
No C2 servers have been identified for this family yet.

Research Reports (2)

Medium

DiscordCDNDropper 41ed808a -- cdn.discordapp.com-attachments Jvvlpovxdup-dat-fake-extension RepositoryTokenFilter injectlast System-Net-Sockets CreateDelegate token-filter Discord-dead-drop | Orta

DiscordCDNDropper 41ed808a PE32 .NET x86 66KB. Discord CDN dead-drop: cdn.discordapp.com attachment Jvvlpovxdup.dat (.dat=gizli PE). RepositoryTokenFilter, injectlast, System.Net.Sockets.

Read Report →
High

DiscordCDNDropper NET_D3E0800E -- cdn.discordapp.com Jvvlpovxdup.dat Dead Drop Payload, injectlast Token Enjeksiyon Dize, RepositoryTokenFilter LoginPredicate Kimlik Dogrulama Bypass, System.Net.Sockets Ag Baglantisi | Yuksek

DiscordCDNDropper 41ed808a PE32 .NET 66KB. cdn.discordapp.com Jvvlpovxdup.dat dead drop payload. injectlast token enjeksiyon. RepositoryTokenFilter LoginPredicate kimlik bypass. System.Net.Sockets.

Read Report →