Relays – An executable to be launched on a compromised host. Relays communicate through Interfaces either between one another or back to the gateway.
Gateway – A special relay that controls one C3 network. A C3 network cannot operate without an operational gateway. The gateway is the bridge back to the attacker’s infrastructure from Relays. The Gateway is also responsible for communicating back to a third-party C2 server (such as Cobalt Strike’s Teamserver).
Channels – An agreed scheme for relays to pass data between each other. For example, Slack’s API.
Gateway Return Channel (GRC) – The configured channel that a relay will use to send data back to the gateway. Note that the GRC may be a route through another relay.
Interfaces – A high level name given to anything that facilitates the sending and receiving of data within a C3 network.
Routes – An intended path of communication across relays back to the gateway.
Peripheral – A third-party implant of a command and control framework. Peripherals talk to their native controllers via a ‘Controller’. For example, Cobalt Strike’s SMB beacon.
Connector – An integration with a third-party command and control framework. For instance, the ‘External C2’ interface exposed by Cobalt Strike’s Teamserver through the externalc2_start command.