Date: 2023-01-17

The Discord bot, written in JavaScript, leveraged a Node.js module enabling the bot to communicate autonomously with the Discord API using an API key. Upon startup, the bot establishes a connection to the Discord API using the API key, “guild id,” and “channel id,” enabling the bot to monitor the specified channel for new messages.

The Discord bot contains two main functions leveraged for command execution and data exfiltration.

As new messages are posted to the channel, the Discord bot collects and processes them. Each message is decrypted and passed to the command function, where the instructions contained in the message are executed.

In parallel to monitoring the Discord channel for new messages, the bot checks a hardcoded temp folder on a loop for new files with a “.dat” extension. When a new “.dat” file is detected, the bot chunks the file into base64-encoded and encrypted segments. The chunked files are then sent to the Discord channel as individual messages.
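
A detection sketch for the exfiltration behaviour described above, as an added example that is not from the original report: it flags a process that is not a sanctioned Discord client, reads a `.dat` file from a temp directory, and then sends a burst of requests to Discord hosts. The event schema, process names, paths, allowlist and thresholds are constructed assumptions to adapt to your own EDR or proxy telemetry.

```python
from collections import defaultdict
from datetime import datetime, timedelta

DISCORD_HOSTS = {"discord.com", "gateway.discord.gg"}
ALLOWED_IMAGES = {"discord.exe"}  # assumption: sanctioned Discord clients

TEMP = r"C:\Users\a\AppData\Local\Temp"  # constructed path, not from the report
# Constructed telemetry: (time, host, pid, image, kind, target)
EVENTS = [
    ("2023-01-10T09:00:01", "ws01", 4120, "node.exe", "net", "gateway.discord.gg"),
    ("2023-01-10T09:05:10", "ws01", 4120, "node.exe", "file_read", TEMP + r"\stage\out7.dat"),
    # Burst of requests right after the .dat read: one per uploaded chunk.
    *[(f"2023-01-10T09:05:1{i}", "ws01", 4120, "node.exe", "net", "discord.com")
      for i in range(1, 5)],
    ("2023-01-10T09:06:00", "ws01", 900, "Discord.exe", "file_read", TEMP + r"\cache.dat"),
    ("2023-01-10T09:06:01", "ws01", 900, "Discord.exe", "net", "discord.com"),
    ("2023-01-10T09:07:00", "ws02", 77, "backup.exe", "file_read", TEMP + r"\job.dat"),
    ("2023-01-10T09:08:00", "ws02", 5000, "node.exe", "net", "discord.com"),
]

def is_temp_dat(path):
    """True for a .dat file under a temp directory (Windows or POSIX style)."""
    p = path.lower().replace("\\", "/")
    return p.endswith(".dat") and ("/temp/" in p or p.startswith("/tmp/"))

def find_dat_to_discord(events, window=timedelta(seconds=60), min_posts=3):
    """Return (host, pid, image, dat_path, request_count) for each temp .dat read
    followed within `window` by at least `min_posts` requests to Discord hosts."""
    per_proc = defaultdict(list)
    for ts, host, pid, image, kind, target in events:
        if image.lower() in ALLOWED_IMAGES:
            continue  # expected Discord traffic from the real client
        per_proc[(host, pid, image)].append((datetime.fromisoformat(ts), kind, target))
    hits = []
    for proc, evs in per_proc.items():
        evs.sort()
        for t0, kind, target in evs:
            if kind != "file_read" or not is_temp_dat(target):
                continue
            posts = [t for t, k, tgt in evs
                     if k == "net" and tgt in DISCORD_HOSTS and t0 <= t <= t0 + window]
            if len(posts) >= min_posts:
                hits.append((*proc, target, len(posts)))
    return hits

if __name__ == "__main__":
    for hit in find_dat_to_discord(EVENTS):
        print("suspicious .dat-to-Discord pattern:", hit)
```
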