Once the bot was able to login to the IRC channel, it is in standby mode awaiting for the command from the attacker. We have listed below some of the commands that the Bot is prepared to do:
- reload – this will restart the connection of the bot to the IRC channel
- safe – safe mode activation / deactivation
- dns – this will display the dns information and the hostname of the bot
- info / vuln – this will display the information such as the OS used by the bot
- cmd – this will trigger the shell_exec function of the bot on the machine which can do about anything