{
	"id": "18a8116c-87c8-489a-8cea-c90b2b0d706a",
	"created_at": "2026-04-06T00:06:42.839089Z",
	"updated_at": "2026-04-10T03:20:31.689489Z",
	"deleted_at": null,
	"sha1_hash": "42d92b7e8abed575f5ce5adc2dfb671a3193381f",
	"title": "New RAT malware gets commands via Discord, has ransomware feature",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2126530,
	"plain_text": "New RAT malware gets commands via Discord, has ransomware feature\r\nBy Lawrence Abrams\r\nPublished: 2020-10-23 · Archived: 2026-04-05 15:58:40 UTC\r\nThe new 'Abaddon' remote access trojan may be the first to use Discord as a full-fledged command and control server that instructs the malware on what tasks to perform on an infected PC. Even worse, a ransomware feature is being developed for the malware.\r\nThreat actors abusing Discord for malicious activity is nothing new.\r\nIn the past, we have reported on how threat actors use Discord as a stolen data drop or have created malware that modifies the Discord client to have it steal credentials and other information.\r\nRAT uses Discord as a full C2 server\r\nA new 'Abaddon' remote access trojan (RAT) discovered by MalwareHunterTeam, though, could be the first malware that uses Discord as a full-fledged command and control server.\r\nA command and control server (C2) is a remote host from which malware receives commands to execute on an infected computer.\r\nWhen started, Abaddon will automatically steal the following data from an infected PC:\r\nAbaddon will then connect to the Discord command and control server to check for new commands to execute, as shown by the image below.\r\nReceive a task from the Discord server\r\nThese commands will tell the malware to perform one of the following tasks:\r\nSteal a file or entire directories from the computer\r\nGet a list of drives\r\nOpen a reverse shell that allows the attacker to execute commands on the infected PC.\r\nLaunch in-development ransomware (more later on this).\r\nSend back any collected information and clear the existing 
collection of data.\r\nThe malware will connect to the C2 every ten seconds for new tasks to execute.\r\nUsing a Discord C2 server, the threat actor can continually monitor their collection of infected PCs for new data and execute further commands or malware on the computer.\r\nDeveloping a basic ransomware\r\nOne of the tasks that can be executed by the malware is to encrypt the computer with basic ransomware and decrypt files after a ransom is paid.\r\nThis feature is still in development: its ransom note template contains filler while the developer works on it.\r\nIn-development ransomware component\r\nWith ransomware being extremely lucrative, it would not be surprising to see this feature completed in the future.\r\nSource: https://www.bleepingcomputer.com/news/security/new-rat-malware-gets-commands-via-discord-has-ransomware-feature/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia",
		"MITRE"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/new-rat-malware-gets-commands-via-discord-has-ransomware-feature/"
	],
	"report_names": [
		"new-rat-malware-gets-commands-via-discord-has-ransomware-feature"
	],
	"threat_actors": [],
	"ts_created_at": 1775434002,
	"ts_updated_at": 1775791231,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/42d92b7e8abed575f5ce5adc2dfb671a3193381f.pdf",
		"text": "https://archive.orkl.eu/42d92b7e8abed575f5ce5adc2dfb671a3193381f.txt",
		"img": "https://archive.orkl.eu/42d92b7e8abed575f5ce5adc2dfb671a3193381f.jpg"
	}
}