C2 Profiles

What is it?

Command and Control (C2) profiles are the way an agent actually communicates with Apfell to get tasking and post responses. There are two main pieces for every C2 profile:

  1. Server code - code that runs in a docker container to convert the C2 profile communication specification (twitter, slack, dropbox, websocket, etc.) into the corresponding RESTful endpoints that Apfell uses

  2. Agent code - the code that runs in a callback to implement the C2 profile on the target machine.

Where is it?

C2 profiles can be found by going to "Manage Operations" -> "C2 Profiles Management" from the top navigational bar.

How do they work?

Each C2 profile is in its own docker container, the status of which is indicated by the LED next to the C2 profile's name.

Each docker container has a python service running in it that connects to a rabbitmq message broker to receive tasking. This allows Apfell to modify files, execute programs, and more within other docker containers. Each docker container sends a heartbeat every few seconds to the main Apfell server to indicate it is still up and running. If Apfell fails to get that notification for over 30 seconds, the LED turns into a flashing red LED.
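As an added illustration (not Apfell's own code), the heartbeat rule above modelled as a small server-side monitor: each container heartbeat is assumed to be a (timestamp, profile name) pair, and a profile is marked "flashing red" once it has been silent for more than 30 seconds. The profile names and timings are constructed sample data.

```python
from dataclasses import dataclass, field
from typing import Dict, Iterable, Tuple

# Apfell flags a C2 profile container once no heartbeat has arrived for
# more than this many seconds (the 30-second window described above).
HEARTBEAT_TIMEOUT_SECONDS = 30.0

@dataclass
class HeartbeatMonitor:
    """Hypothetical server-side view of container heartbeats (illustration only;
    not Apfell's code, and the real RabbitMQ message format is not modelled)."""
    timeout: float = HEARTBEAT_TIMEOUT_SECONDS
    last_seen: Dict[str, float] = field(default_factory=dict)

    def record(self, profile: str, timestamp: float) -> None:
        # Keep the newest time; a late, out-of-order heartbeat must not move it backwards.
        prev = self.last_seen.get(profile)
        if prev is None or timestamp > prev:
            self.last_seen[profile] = timestamp

    def status(self, profile: str, now: float) -> str:
        """LED state for one profile at time `now` (seconds)."""
        last = self.last_seen.get(profile)
        if last is None:
            return "no heartbeat"      # container has never checked in
        if now - last > self.timeout:
            return "flashing red"      # silent for over the timeout window
        return "up"                    # checked in within the window

    def statuses(self, now: float) -> Dict[str, str]:
        return {name: self.status(name, now) for name in self.last_seen}

def replay(events: Iterable[Tuple[float, str]], now: float,
           timeout: float = HEARTBEAT_TIMEOUT_SECONDS) -> Dict[str, str]:
    """Feed (timestamp, profile) heartbeat events and report each profile's state at `now`."""
    monitor = HeartbeatMonitor(timeout=timeout)
    for timestamp, profile in events:
        monitor.record(profile, timestamp)
    return monitor.statuses(now)

# Constructed sample: "profile_a" checks in every 5 s; "profile_b" sends its last
# heartbeat at t=10 s (one arrives late and out of order), so at t=45 s only
# profile_b has been silent for more than 30 s.
SAMPLE_EVENTS = [(float(t), "profile_a") for t in range(0, 45, 5)] + \
                [(0.0, "profile_b"), (10.0, "profile_b"), (5.0, "profile_b")]

if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS, now=45.0))  # {'profile_a': 'up', 'profile_b': 'flashing red'}
```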

The next few sections will walk through the two main C2 profiles and how they work along with what C2 profile code means for the server and for an agent.
