graph TD
    Operator[[Operator]] --> C2_Client[[C2 Client]]
    C2_Client -->|Sends Commands| C2_Server[[C2 Server]]
    C2_Server -->|Controls| C2_Agent[[C2 Agent]]
    C2_Agent -->|Beacons Back| C2_Server
    C2_Agent -->|Executes on| Compromised_Host[[Compromised Host]]
    Operator -->|Generates| Payload[[Malware Payload]]
    Payload -->|Deploys| C2_Agent
    C2_Agent -->|Exfiltrates Data| C2_Server
    C2_Server -->|Stores Data| Exfil_DB[[Exfiltration Database]]
    classDef red fill:#ffcccc,stroke:#ff0000;
    classDef blue fill:#cce5ff,stroke:#0066cc;
    classDef green fill:#ccffcc,stroke:#009900;
    class Operator,C2_Client,Payload red;
    class C2_Server,Exfil_DB blue;
    class C2_Agent,Compromised_Host green;
Overview
A Command and Control (C2) framework is a platform for remotely controlling and managing compromised systems. It acts as a central hub from which hundreds of compromised systems in a target network can be managed.
A typical C2 framework consists of 3 parts:
- C2 Server
- C2 Client
- C2 Agent
The C2 server is the command center, the client is the interface used by the attacker, and the agent is the software installed on the compromised systems to facilitate communication.