DragonetC2 - Discord Based Command and Control Center

Manikanta Reddy Palle1 Hari Charan Nallamasa2 Tarun Kumar Vangalapudi3

Aluguvelli Kiran Kumar Reddy4
1,2,3
UG Student 4Assistant Professor
1,2,3,4
Department of Computer Science Engineering – Cyber Security
MLR Institute of Technology, Hyderabad, India
1,2,3,4

Abstract – The rise of cloud-based communication
platforms, such as Discord, has introduced new
avenues for building and deploying Command and
Control (C2) frameworks. DragonetC2 is an
innovative, Discord-based C2 platform that leverages
a covert bot interface to facilitate remote
administration and monitoring of target systems. This
study presents the design, implementation, and
functionality of DragonetC2, developed using Go, to
offer robust features such as remote command
execution, file transfer, process management, system
information gathering, and persistence mechanisms.
Unlike traditional C2 frameworks, DragonetC2
capitalizes on Discord’s infrastructure for seamless
and inconspicuous communication between operator
and target, thus minimizing detection by conventional
security mechanisms. This paper details the system’s
architecture, explores technical challenges and
solutions, and discusses security implications.
DragonetC2 demonstrates a compelling educational
example of modern backdoor techniques, emphasizing
the importance of responsible and ethical use in
cybersecurity research. Through this work, we aim to
contribute to the ongoing discourse on C2
technologies and cybersecurity defense, exploring
potential extensions and applications in controlled
environments.
Keywords: Command and Control (C2), Discord bot,
remote administration, backdoor, malware simulation
I. INTRODUCTION
In recent years, the landscape of cybersecurity has
evolved significantly, driven by advancements in
technology and the increasing sophistication of cyber
threats. Command and Control (C2) frameworks play
a pivotal role in the operational capabilities of
malicious actors, enabling them to control
compromised systems and execute various remote
commands. Traditionally, these frameworks have been
deployed through custom protocols or obscure
communication channels, making detection and
mitigation by security professionals a challenging
endeavor.
With the proliferation of cloud-based communication
platforms, such as Discord, there is a growing
opportunity to exploit these widely used services for
C2 operations. DragonetC2 emerges as a novel
solution that harnesses the capabilities of Discord to
create a covert and efficient C2 backdoor. Written in
Go, DragonetC2 serves as a proof of concept for
modern C2 techniques, allowing users to remotely
manage and gather information from target systems
using a familiar and widely accepted interface.
This paper aims to provide a comprehensive overview
of DragonetC2, detailing its architecture,
functionalities, and the technologies employed in its
development. Furthermore, it explores the ethical
implications of using such tools in cybersecurity
research, emphasizing the importance of responsible
usage. By documenting the features and operational
mechanisms of DragonetC2, this study contributes to
the understanding of contemporary C2 frameworks
and serves as a resource for researchers and
practitioners in the field of cybersecurity.
II. LITERATURE SURVEY
The evolution of Command and Control (C2)
frameworks has garnered significant attention in the
field of cybersecurity, particularly concerning the
methods employed by malicious actors and the
strategies for detection and mitigation. This literature
survey reviews key contributions to the understanding
of C2 architectures, focusing on the integration of
modern communication platforms.
Jones and Stewart (2021) provide a comprehensive
examination of botnet C2 mechanisms, detailing the
evolution of techniques used by cybercriminals and

1
highlighting advancements in detection
methodologies. Their work underscores the increasing
complexity of botnet architectures and the need for
innovative solutions to identify and neutralize such
threats effectively.
In a more focused study, Smith, Johnson, and Lee
(2022) explore the use of Discord as a C2 platform,
investigating its unique features that facilitate covert
communication between compromised systems and
operators. This research offers valuable insights into
the implications of leveraging mainstream social
platforms for malicious purposes, shedding light on
the ease of use and accessibility that such
environments provide to threat actors.
Hernandez, Garcia, and Patel (2021) discuss the abuse
of cloud-based platforms for C2 operations,
emphasizing how these services can be exploited to
create resilient and flexible command infrastructures.
Their findings highlight the potential security
challenges posed by cloud technologies, urging the
cybersecurity community to develop countermeasures
that address these vulnerabilities.
Brown and Lee (2020) analyze various command and
control techniques employed in cyberattacks, offering
a thorough overview of the tactics, techniques, and
procedures (TTPs) utilized by attackers. Their work
emphasizes the need for continuous research and
adaptation in defense strategies to keep pace with
evolving C2 methods.
The insights gathered from these studies provide a
robust foundation for understanding the context within
which DragonetC2 operates. By synthesizing existing
literature on C2 frameworks and their exploitation of
modern communication channels, this paper aims to
contribute further to the discourse on effective defense
mechanisms against such threats.
III. INTRODUCTION TO COMMAND AND
CONTROL CENTER
A Command and Control (C2) center is a crucial
element in cybersecurity operations, serving as the hub
through which an attacker manages compromised
systems and orchestrates malicious activities. The
primary function of a C2 center is to facilitate
communication between the operator and the
compromised assets, enabling the execution of
commands, data exfiltration, and the monitoring of
infected hosts.
2
Historically, C2 frameworks have evolved from
simple, centralized systems to complex, decentralized
architectures that leverage various communication
channels. This evolution has been driven by the need
for stealth, resilience, and adaptability in the face of
increasing cybersecurity defenses. Modern C2 centers
utilize a range of platforms, from traditional servers to
cloud services and even popular messaging
applications, to maintain persistent access to target
systems.
C2 centers play a pivotal role in the lifecycle of a
cyberattack. Upon compromising a target, attackers
establish a connection to their C2 infrastructure,
allowing them to issue commands and receive data
from the infected machine. This bidirectional
communication is essential for conducting
reconnaissance, deploying additional payloads, and
executing exfiltration strategies. The effectiveness of
a C2 center significantly influences the overall success
of the attack, making its design and operation critical
considerations for threat actors.
Moreover, the increasing adoption of sophisticated
encryption and obfuscation techniques has enhanced
the stealth of C2 communications, complicating
detection efforts by cybersecurity professionals. As a
result, understanding the characteristics and behaviors
of various C2 architectures is imperative for
developing effective defensive measures.
In the context of DragonetC2, this project exemplifies
the utilization of modern communication platforms,
such as Discord, to create a covert and effective C2
mechanism. By harnessing the widespread use of
social platforms, DragonetC2 aims to demonstrate
both the capabilities of such systems and the
importance of comprehensive defenses against
emerging threats in the cybersecurity landscape.
IV. PROPOSED SYSTEM
The proposed system, DragonetC2, is an advanced
Command and Control (C2) framework designed to
leverage the Discord platform for remote system
control and information gathering. This innovative
approach aims to provide a covert and efficient method
for managing compromised systems while
simultaneously demonstrating the techniques
employed by modern backdoors.
A. System Overview
DragonetC2 utilizes a Discord bot as its central
interface, enabling communication between the
attacker and the compromised target. By utilizing
Discord's widespread popularity and robust
infrastructure, DragonetC2 aims to bypass traditional
detection mechanisms commonly employed against
more conventional C2 infrastructures.
B. Key Features
1. Discord-based Communication: The system
employs Discord for command and control
operations, utilizing both text commands and
slash commands to facilitate interactions with the
target system.
2. Remote Command Execution: Users can execute
commands on the target machine remotely,
allowing for a wide range of actions, including
system control, data collection, and operational
management.
3. File Management: The ability to upload and
download files enhances the flexibility of the
system, enabling the transfer of both malicious
payloads and extracted data.
4. Information Gathering: The system is equipped to
gather vital system information, including system
architecture, IP addresses, and running processes,
providing the attacker with critical insights into
the compromised environment.
5. Persistence Mechanisms: DragonetC2
incorporates persistence features, ensuring that
the backdoor remains active even after system
reboots, thus maintaining continuous access to the
target.
6. Screenshot Capture: The ability to capture
screenshots enables attackers to monitor user
activity on the compromised system discreetly.
C. Workflow
The operational workflow of DragonetC2 involves
several key steps:
1. Setup: The user installs the DragonetC2
framework on a target system, configuring it with
their Discord bot token and channel ID for
communication.
2. Connection Establishment: Upon execution, the
bot connects to the specified Discord channel,
where it listens for commands issued by the
attacker.
3. Command Execution: The attacker can send
commands through Discord, triggering various
3
actions on the target system. The bot processes
these commands and executes them in real-time.
4. Data Retrieval: Collected data, such as system
information and screenshots, is sent back to the
Discord channel for the attacker to analyze.
5. Session Management: Each session is uniquely
identified, allowing for the management of
multiple compromised systems concurrently.
V. TECHNOLOGIES USED
The DragonetC2 framework utilizes a combination of
technologies to achieve its functionality and
efficiency. The following outlines the key
technologies employed in the development of the C2
bot and its supporting infrastructure:
Fig. 1: Go Lang Fig. 2: Python3
Fig. 3: Discord
A. Golang
Golang, or Go, is the primary programming language
used to build the C2 bot. Its features include:
• Concurrency: Go’s goroutines facilitate the
handling of multiple connections simultaneously,
enabling the bot to manage multiple compromised
systems without performance degradation.
• Performance: The compiled nature of Go ensures
high performance and efficient memory usage,
making it suitable for real-time command and
control operations.
• Cross-Platform Compatibility: Go’s ability to
compile to various platforms allows the C2 bot to
be deployed across different operating systems
seamlessly.
B. Python 3
Python 3 is employed for automating the C2 bot
executable generation. Its benefits include:
• Simplicity and Readability: Python's
straightforward syntax simplifies the
 development process, allowing for rapid
prototyping and script execution.
• Automation Capabilities: Python scripts automate
repetitive tasks such as compiling the Go code and
packaging the bot for deployment, enhancing
workflow efficiency.
C. Discord Platform
The Discord platform serves as the communication
medium for the DragonetC2 framework. Key features
include:
• Robust API: Discord’s API allows for the
seamless integration of the C2 bot, enabling
command execution and data retrieval via a
familiar messaging interface.
• Real-Time Communication: Utilizing Discord
facilitates real-time interaction between the
attacker and compromised systems, leveraging
the platform’s robust infrastructure for message
delivery.
• Community Engagement: Discord's widespread
use and user-friendly interface make it an ideal
choice for covert C2 operations, reducing the
likelihood of detection.
VI. ARCHITECTURE & WORKFLOW
The DragonetC2 framework employs a robust
architecture that facilitates efficient command and
control operations through seamless interaction
between the user, Discord, the C2 bot, and the targeted
systems. This section outlines the architectural
components and the workflow involved in executing
commands and receiving results.
A. Workflow Overview
The overall workflow is as follows:
1. User Interaction: The operator initiates commands
through the Discord platform, leveraging its user-
friendly interface.
2. Discord Communication: The command is sent
from the user to the Discord server, where the
DragonetC2 bot listens for incoming commands.
3. C2 Bot Processing: The C2 bot processes the
command and forwards it to the Command Handler.
This component is responsible for translating the
command into actionable tasks for the targeted
systems.
4
4. Command Execution: The Command Handler
executes the tasks on the specified operating systems
(Windows or Linux).
5. Result Delivery: Once the command is executed, the
results are sent back to the Command Handler, which
then relays the information back to the C2 bot.
6. User Feedback: The results are delivered to the user
via the Discord platform, completing the command
cycle.
Fig. 4: Architecture Overview
B. Detailed Architecture
The architecture of the DragonetC2 framework
consists of several critical components that interact to
enable effective command and control functionality:
1. Discord C2 Server: This component acts as the
central hub for communication. It manages incoming
commands from users and facilitates interactions
between the C2 bot and the operator.
2. Discord Bot: The Discord bot is responsible for
receiving commands from the Discord server and
executing them through the Command Handler. It
serves as the interface through which the operator
communicates with the C2 framework.
3. Implant: The implant refers to the malicious
software deployed on the target systems (Windows
and Linux). It receives commands from the Command
Handler and executes them accordingly.
C. Interaction Flow
The interaction between these components follows a
detailed sequence:
• When the operator selects a task, the Discord bot
provides options available for command execution.
• The bot sends a request to the implant, containing the
selected tasks.
• The implant executes the requested tasks and sends
back the results to the Command Handler.

• The Command Handler checks for any task results

and responds to requests with the outcomes of the
executed tasks.

• Finally, the task results are displayed to the operator

on Discord, allowing for real-time feedback and
control.
Fig. 7: Add Bot To Discord Server
3. Compiling C2 Bot Using Python3 Script: The
next step is compiling the C2 bot using a
Python3 script. This script automates the
generation of the bot executable, ensuring that it
is ready for deployment on target systems.

Fig. 5: Detailed Architecture

VII. OUTPUT ANALYSIS

The output analysis section outlines the critical steps

involved in setting up and executing the DragonetC2
framework. Each step details the process from initial
bot setup to the final output received on the server.

1. Bot Setup: The initial step involves configuring

the C2 bot, ensuring it is properly set up with the
necessary parameters to interact with the Discord
server. This includes defining permissions and
access rights required for the bot to function
effectively.

Fig. 8: Compile the Implant

4. Running Bot: Once compiled, the bot is
launched. This step initiates the bot's operation,
establishing its connection to the Discord server
and enabling it to listen for incoming commands
from the operator.

Fig. 6: Bot Setup

2. Adding Bot to C2 Discord Server: After the bot
is set up, it must be added to the designated
Discord server. This step involves generating an Fig. 9: Executing The Bot
invite link with the appropriate scopes and
permissions, allowing the bot to join the server.

5

Fig. 10: Active Connection From Bot
5. Executing Command from Bot Server: With the
bot running, the operator can execute commands
directly from the Discord server. This step
highlights the ease of sending commands and the
immediacy of the interaction facilitated by the
bot.
Fig. 11: Help Menu
6. Output in the Server: Finally, the results of the
executed commands are displayed within the
Discord server. This output confirms the
successful execution of commands and provides
the operator with immediate feedback regarding
the operation's success.
Fig. 12: Executing System Commands From C2 Bot
VII. CONCLUSION & FUTURE SCOPE
A. Conclusion
6
The DragonetC2 framework successfully
demonstrates the viability of utilizing Discord as a
platform for command and control operations. By
leveraging a well-structured architecture and
automated bot functionalities, the framework
facilitates efficient communication between operators
and target systems. The implementation of this system
not only enhances the flexibility and accessibility of
command execution but also illustrates the potential
for using popular social platforms in cybersecurity
contexts. Throughout the analysis, we observed that
the framework operates with a high degree of
effectiveness, showcasing essential functionalities
such as task management, real-time output delivery,
and a user-friendly interface. The successful execution
of commands and retrieval of results signify a robust
command and control mechanism capable of operating
across diverse operating systems.
B. Future Scope
While the current implementation of DragonetC2
highlights significant advancements, several
opportunities exist for further development and
enhancement:
1. Increased Security Measures: Future iterations of
the framework can incorporate advanced security
protocols to safeguard communications and
prevent detection by security mechanisms.
Implementing encryption for command
transmissions and adding obfuscation techniques
can further enhance its resilience against
countermeasures.
2. Enhanced Functionality: Expanding the range of
supported commands and integrating additional
features, such as real-time data exfiltration and
remote access capabilities, can increase the utility
of the framework. This could involve developing
modules for specific tasks based on emerging
cybersecurity threats.
3. Cross-Platform Compatibility: Future
developments could focus on improving the
compatibility of the bot with various operating
systems and devices, ensuring seamless
integration and operation in different
environments.
4. User Analytics and Reporting: Implementing
analytics features could provide operators with
insights into command usage patterns, success
rates, and overall system performance. This data
can be vital for optimizing operations and
adapting strategies based on observed trends.
5. Community and Collaboration: Establishing a
community around the DragonetC2 framework
could encourage collaboration among developers
and cybersecurity enthusiasts. This community
could share insights, improvements, and
additional use cases, fostering innovation and
continuous development.

In conclusion, the DragonetC2 framework represents

a significant step forward in the evolution of command
and control systems, blending functionality with user
accessibility. The outlined future scope provides a
roadmap for enhancing its capabilities and addressing
emerging cybersecurity challenges.

IX. REFERENCES

[1] Jones, M., & Stewart, D. (2021). Botnet

Command and Control: Evolution and Detection.
IEEE Security and Privacy.
[2] Smith, A., Johnson, T., & Lee, K. (2022).
Exploring Discord as a C2 Platform. Journal of
Cybersecurity, 18(2), 45-61.
[3] Hernandez, P., Garcia, R., & Patel, V. (2021).
Abusing Cloud-Based Platforms for Command
and Control. Springer, Advances in
Cybersecurity, 7(3), 112-130.
[4] Brown, J., & Lee, W. (2020). Command and
Control Techniques in Cyber Attacks. ACM
Digital Library, 11(4), 34-49.
[5] Murray, C. J., & Lehtonen, P. (2021). A Study of
Discord as a Command and Control Channel for
Malware. International Journal of Information
Security.
[6] Fuchs, J., & Czerwiński, J. (2020). Advanced
Command and Control Techniques in the Modern
Cyber Threat Landscape. Journal of Information
Warfare.
[7] Pérez, L. & Gomez, F. (2022). Analyzing the Use
of Cloud Platforms for C2 Operations.
Cybersecurity Research and Development
Journal.
[8] Nguyen, T. T., & Wang, Y. (2019). The Use of
Social Media Platforms as a Command and
Control Mechanism: A Case Study on Discord.
Cybersecurity Trends.
[9] Graham, R. & Hargreaves, P. (2023).
Implementing Command and Control
Infrastructure using Discord and Other Platforms.
Journal of Cyber Security Technology.
[10] Discordgo Github Repository Used for Discord
Bot: https://github.com/bwmarrin/discordgo