DNS Profile for Apollo v2

Payload_Type/apollo/agent_code/Apollo/Apollo.csproj

@@ -1,142 +1,146 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
-  <PropertyGroup>
-    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
-    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
-    <ProjectGuid>{F606A86C-39AF-4B5A-B146-F14EDC1D762C}</ProjectGuid>
-    <OutputType>Exe</OutputType>
-    <RootNamespace>Apollo</RootNamespace>
-    <AssemblyName>Apollo</AssemblyName>
-    <TargetFrameworkVersion>v4.0</TargetFrameworkVersion>
-    <FileAlignment>512</FileAlignment>
-    <Deterministic>true</Deterministic>
-    <NuGetPackageImportStamp>
-    </NuGetPackageImportStamp>
-  </PropertyGroup>
-  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
-    <PlatformTarget>AnyCPU</PlatformTarget>
-    <DebugSymbols>true</DebugSymbols>
-    <DebugType>full</DebugType>
-    <Optimize>false</Optimize>
-    <OutputPath>bin\Debug\</OutputPath>
-    <DefineConstants>DEBUG;TRACE</DefineConstants>
-    <ErrorReport>prompt</ErrorReport>
-    <WarningLevel>4</WarningLevel>
-  </PropertyGroup>
-  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
-    <PlatformTarget>AnyCPU</PlatformTarget>
-    <DebugType>pdbonly</DebugType>
-    <Optimize>true</Optimize>
-    <OutputPath>bin\Release\</OutputPath>
-    <DefineConstants>TRACE</DefineConstants>
-    <ErrorReport>prompt</ErrorReport>
-    <WarningLevel>4</WarningLevel>
-  </PropertyGroup>
-  <ItemGroup>
-    <Reference Include="Costura, Version=1.6.2.0, Culture=neutral, PublicKeyToken=9919ef960d84173d, processorArchitecture=MSIL">
-      <HintPath>..\packages\Costura.Fody.1.6.2\lib\portable-net+sl+win+wpa+wp\Costura.dll</HintPath>
-      <Private>False</Private>
-    </Reference>
-    <Reference Include="System" />
-    <Reference Include="System.Core" />
-    <Reference Include="System.Management.Automation, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\packages\Microsoft.PowerShell.5.ReferenceAssemblies.1.1.0\lib\net4\System.Management.Automation.dll</HintPath>
-    </Reference>
-    <Reference Include="System.Xml.Linq" />
-    <Reference Include="System.Data.DataSetExtensions" />
-    <Reference Include="Microsoft.CSharp" />
-    <Reference Include="System.Data" />
-    <Reference Include="System.Xml" />
-  </ItemGroup>
-  <ItemGroup>
-    <Compile Include="Agent\Apollo.cs" />
-    <Compile Include="Api\Api.cs" />
-    <Compile Include="Api\Cryptography\RSA.cs" />
-    <Compile Include="Api\DInvoke\DynamicInvoke\Generic.cs" />
-    <Compile Include="Api\DInvoke\DynamicInvoke\Native.cs" />
-    <Compile Include="Api\DInvoke\DynamicInvoke\Win32.cs" />
-    <Compile Include="Api\DInvoke\Injection\Allocation.cs" />
-    <Compile Include="Api\DInvoke\Injection\Execution.cs" />
-    <Compile Include="Api\DInvoke\Injection\Injector.cs" />
-    <Compile Include="Api\DInvoke\Injection\Payload.cs" />
-    <Compile Include="Api\DInvoke\ManualMap\Map.cs" />
-    <Compile Include="Api\DInvoke\ManualMap\Overload.cs" />
-    <Compile Include="Api\DInvoke\SharedData\Native.cs" />
-    <Compile Include="Api\DInvoke\SharedData\PE.cs" />
-    <Compile Include="Api\DInvoke\SharedData\Win32.cs" />
-    <Compile Include="Api\DInvoke\SharedUtilities\Utilities.cs" />
-    <Compile Include="Api\IO\Pipes.cs" />
-    <Compile Include="Config.cs" />
-    <Compile Include="Management\C2\C2ProfileManager.cs" />
-    <Compile Include="Management\Files\FileManager.cs" />
-    <Compile Include="Management\Identity\IdentityManager.cs" />
-    <Compile Include="Management\Peer\PeerManager.cs" />
-    <Compile Include="Management\Socks\SocksClient.cs" />
-    <Compile Include="Management\Socks\SocksManager.cs" />
-    <Compile Include="Peers\SMB\SMBPeer.cs" />
-    <Compile Include="Peers\TCP\TCPPeer.cs" />
-    <Compile Include="Program.cs" />
-    <Compile Include="Properties\AssemblyInfo.cs" />
-    <Compile Include="Management\Tasks\TaskManager.cs" />
-  </ItemGroup>
-  <ItemGroup>
-    <ProjectReference Include="..\ApolloInterop\ApolloInterop.csproj">
-      <Project>{5b5bd587-7dca-4306-b1c3-83a70d755f37}</Project>
-      <Name>ApolloInterop</Name>
-    </ProjectReference>
-    <ProjectReference Include="..\EncryptedFileStore\EncryptedFileStore.csproj">
-      <Project>{21b9b3fa-acbf-4ed2-a0bb-2782e708f6f9}</Project>
-      <Name>EncryptedFileStore</Name>
-    </ProjectReference>
-    <ProjectReference Include="..\HttpProfile\HttpProfile.csproj">
-      <Project>{74b393f3-4000-49ac-8116-dccdb5f52344}</Project>
-      <Name>HttpProfile</Name>
-    </ProjectReference>
-    <ProjectReference Include="..\Injection\Injection.csproj">
-      <Project>{e4724425-fc2d-40ae-9506-553d5d9dd929}</Project>
-      <Name>Injection</Name>
-    </ProjectReference>
-    <ProjectReference Include="..\NamedPipeProfile\NamedPipeProfile.csproj">
-      <Project>{3af39094-7f42-4444-a278-fa656eb4678f}</Project>
-      <Name>NamedPipeProfile</Name>
-    </ProjectReference>
-    <ProjectReference Include="..\PlaintextCrypto\PlaintextCryptography.csproj">
-      <Project>{ed320ce0-c28f-4b07-a353-9b14c261e8a3}</Project>
-      <Name>PlaintextCryptography</Name>
-    </ProjectReference>
-    <ProjectReference Include="..\Process\Process.csproj">
-      <Project>{6008a59e-80a4-4790-8fe3-01de201d71b3}</Project>
-      <Name>Process</Name>
-    </ProjectReference>
-    <ProjectReference Include="..\PSKCrypto\PSKCryptography.csproj">
-      <Project>{c8fc8d87-30db-4fc5-880a-9cd7d156127a}</Project>
-      <Name>PSKCryptography</Name>
-    </ProjectReference>
-    <ProjectReference Include="..\Tasks\Tasks.csproj">
-      <Project>{b9bda393-c258-44d3-8266-d62265008bd4}</Project>
-      <Name>Tasks</Name>
-    </ProjectReference>
-    <ProjectReference Include="..\TcpProfile\TcpProfile.csproj">
-      <Project>{add40b1e-3c2e-4046-b574-fa0ed70fc64d}</Project>
-      <Name>TcpProfile</Name>
-    </ProjectReference>
-  </ItemGroup>
-  <ItemGroup>
-    <None Include="FodyWeavers.xml" />
-  </ItemGroup>
-  <ItemGroup>
-    <None Include="packages.config" />
-  </ItemGroup>
-  <ItemGroup />
-  <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
-  <Import Project="..\packages\Fody.2.0.0\build\portable-net+sl+win+wpa+wp\Fody.targets" Condition="Exists('..\packages\Fody.2.0.0\build\portable-net+sl+win+wpa+wp\Fody.targets')" />
-  <Target Name="EnsureNuGetPackageBuildImports" BeforeTargets="PrepareForBuild">
-    <PropertyGroup>
-      <ErrorText>This project references NuGet package(s) that are missing on this computer. Use NuGet Package Restore to download them.  For more information, see http://go.microsoft.com/fwlink/?LinkID=322105. The missing file is {0}.</ErrorText>
-    </PropertyGroup>
-    <Error Condition="!Exists('..\packages\Fody.2.0.0\build\portable-net+sl+win+wpa+wp\Fody.targets')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\Fody.2.0.0\build\portable-net+sl+win+wpa+wp\Fody.targets'))" />
-    <Error Condition="!Exists('..\packages\Costura.Fody.1.6.2\build\portable-net+sl+win+wpa+wp\Costura.Fody.targets')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\Costura.Fody.1.6.2\build\portable-net+sl+win+wpa+wp\Costura.Fody.targets'))" />
-  </Target>
-  <Import Project="..\packages\Costura.Fody.1.6.2\build\portable-net+sl+win+wpa+wp\Costura.Fody.targets" Condition="Exists('..\packages\Costura.Fody.1.6.2\build\portable-net+sl+win+wpa+wp\Costura.Fody.targets')" />
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
+  <PropertyGroup>
+    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+    <ProjectGuid>{F606A86C-39AF-4B5A-B146-F14EDC1D762C}</ProjectGuid>
+    <OutputType>Exe</OutputType>
+    <RootNamespace>Apollo</RootNamespace>
+    <AssemblyName>Apollo</AssemblyName>
+    <TargetFrameworkVersion>v4.0</TargetFrameworkVersion>
+    <FileAlignment>512</FileAlignment>
+    <Deterministic>true</Deterministic>
+    <NuGetPackageImportStamp>
+    </NuGetPackageImportStamp>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugSymbols>true</DebugSymbols>
+    <DebugType>full</DebugType>
+    <Optimize>false</Optimize>
+    <OutputPath>bin\Debug\</OutputPath>
+    <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugType>pdbonly</DebugType>
+    <Optimize>true</Optimize>
+    <OutputPath>bin\Release\</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <ItemGroup>
+    <Reference Include="Costura, Version=1.6.2.0, Culture=neutral, PublicKeyToken=9919ef960d84173d, processorArchitecture=MSIL">
+      <HintPath>..\packages\Costura.Fody.1.6.2\lib\portable-net+sl+win+wpa+wp\Costura.dll</HintPath>
+      <Private>False</Private>
+    </Reference>
+    <Reference Include="System" />
+    <Reference Include="System.Core" />
+    <Reference Include="System.Management.Automation, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.PowerShell.5.ReferenceAssemblies.1.1.0\lib\net4\System.Management.Automation.dll</HintPath>
+    </Reference>
+    <Reference Include="System.Xml.Linq" />
+    <Reference Include="System.Data.DataSetExtensions" />
+    <Reference Include="Microsoft.CSharp" />
+    <Reference Include="System.Data" />
+    <Reference Include="System.Xml" />
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="Agent\Apollo.cs" />
+    <Compile Include="Api\Api.cs" />
+    <Compile Include="Api\Cryptography\RSA.cs" />
+    <Compile Include="Api\DInvoke\DynamicInvoke\Generic.cs" />
+    <Compile Include="Api\DInvoke\DynamicInvoke\Native.cs" />
+    <Compile Include="Api\DInvoke\DynamicInvoke\Win32.cs" />
+    <Compile Include="Api\DInvoke\Injection\Allocation.cs" />
+    <Compile Include="Api\DInvoke\Injection\Execution.cs" />
+    <Compile Include="Api\DInvoke\Injection\Injector.cs" />
+    <Compile Include="Api\DInvoke\Injection\Payload.cs" />
+    <Compile Include="Api\DInvoke\ManualMap\Map.cs" />
+    <Compile Include="Api\DInvoke\ManualMap\Overload.cs" />
+    <Compile Include="Api\DInvoke\SharedData\Native.cs" />
+    <Compile Include="Api\DInvoke\SharedData\PE.cs" />
+    <Compile Include="Api\DInvoke\SharedData\Win32.cs" />
+    <Compile Include="Api\DInvoke\SharedUtilities\Utilities.cs" />
+    <Compile Include="Api\IO\Pipes.cs" />
+    <Compile Include="Config.cs" />
+    <Compile Include="Management\C2\C2ProfileManager.cs" />
+    <Compile Include="Management\Files\FileManager.cs" />
+    <Compile Include="Management\Identity\IdentityManager.cs" />
+    <Compile Include="Management\Peer\PeerManager.cs" />
+    <Compile Include="Management\Socks\SocksClient.cs" />
+    <Compile Include="Management\Socks\SocksManager.cs" />
+    <Compile Include="Peers\SMB\SMBPeer.cs" />
+    <Compile Include="Peers\TCP\TCPPeer.cs" />
+    <Compile Include="Program.cs" />
+    <Compile Include="Properties\AssemblyInfo.cs" />
+    <Compile Include="Management\Tasks\TaskManager.cs" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\ApolloInterop\ApolloInterop.csproj">
+      <Project>{5b5bd587-7dca-4306-b1c3-83a70d755f37}</Project>
+      <Name>ApolloInterop</Name>
+    </ProjectReference>
+    <ProjectReference Include="..\DnsProfile\DnsProfile.csproj">
+      <Project>{2ed749a9-a6ff-4c49-bda5-e3435e50dd5e}</Project>
+      <Name>DnsProfile</Name>
+    </ProjectReference>
+    <ProjectReference Include="..\EncryptedFileStore\EncryptedFileStore.csproj">
+      <Project>{21b9b3fa-acbf-4ed2-a0bb-2782e708f6f9}</Project>
+      <Name>EncryptedFileStore</Name>
+    </ProjectReference>
+    <ProjectReference Include="..\HttpProfile\HttpProfile.csproj">
+      <Project>{74b393f3-4000-49ac-8116-dccdb5f52344}</Project>
+      <Name>HttpProfile</Name>
+    </ProjectReference>
+    <ProjectReference Include="..\Injection\Injection.csproj">
+      <Project>{e4724425-fc2d-40ae-9506-553d5d9dd929}</Project>
+      <Name>Injection</Name>
+    </ProjectReference>
+    <ProjectReference Include="..\NamedPipeProfile\NamedPipeProfile.csproj">
+      <Project>{3af39094-7f42-4444-a278-fa656eb4678f}</Project>
+      <Name>NamedPipeProfile</Name>
+    </ProjectReference>
+    <ProjectReference Include="..\PlaintextCrypto\PlaintextCryptography.csproj">
+      <Project>{ed320ce0-c28f-4b07-a353-9b14c261e8a3}</Project>
+      <Name>PlaintextCryptography</Name>
+    </ProjectReference>
+    <ProjectReference Include="..\Process\Process.csproj">
+      <Project>{6008a59e-80a4-4790-8fe3-01de201d71b3}</Project>
+      <Name>Process</Name>
+    </ProjectReference>
+    <ProjectReference Include="..\PSKCrypto\PSKCryptography.csproj">
+      <Project>{c8fc8d87-30db-4fc5-880a-9cd7d156127a}</Project>
+      <Name>PSKCryptography</Name>
+    </ProjectReference>
+    <ProjectReference Include="..\Tasks\Tasks.csproj">
+      <Project>{b9bda393-c258-44d3-8266-d62265008bd4}</Project>
+      <Name>Tasks</Name>
+    </ProjectReference>
+    <ProjectReference Include="..\TcpProfile\TcpProfile.csproj">
+      <Project>{add40b1e-3c2e-4046-b574-fa0ed70fc64d}</Project>
+      <Name>TcpProfile</Name>
+    </ProjectReference>
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="FodyWeavers.xml" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="packages.config" />
+  </ItemGroup>
+  <ItemGroup />
+  <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
+  <Import Project="..\packages\Fody.2.0.0\build\portable-net+sl+win+wpa+wp\Fody.targets" Condition="Exists('..\packages\Fody.2.0.0\build\portable-net+sl+win+wpa+wp\Fody.targets')" />
+  <Target Name="EnsureNuGetPackageBuildImports" BeforeTargets="PrepareForBuild">
+    <PropertyGroup>
+      <ErrorText>This project references NuGet package(s) that are missing on this computer. Use NuGet Package Restore to download them.  For more information, see http://go.microsoft.com/fwlink/?LinkID=322105. The missing file is {0}.</ErrorText>
+    </PropertyGroup>
+    <Error Condition="!Exists('..\packages\Fody.2.0.0\build\portable-net+sl+win+wpa+wp\Fody.targets')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\Fody.2.0.0\build\portable-net+sl+win+wpa+wp\Fody.targets'))" />
+    <Error Condition="!Exists('..\packages\Costura.Fody.1.6.2\build\portable-net+sl+win+wpa+wp\Costura.Fody.targets')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\Costura.Fody.1.6.2\build\portable-net+sl+win+wpa+wp\Costura.Fody.targets'))" />
+  </Target>
+  <Import Project="..\packages\Costura.Fody.1.6.2\build\portable-net+sl+win+wpa+wp\Costura.Fody.targets" Condition="Exists('..\packages\Costura.Fody.1.6.2\build\portable-net+sl+win+wpa+wp\Costura.Fody.targets')" />
 </Project>

Payload_Type/apollo/agent_code/Apollo/Config.cs

@@ -14,6 +14,7 @@
 using ApolloInterop.Serializers;
 using NamedPipeTransport;
 using TcpTransport;
+using DnsTransport;
 
 namespace Apollo
 {
@@ -62,6 +63,35 @@ public static class Config
                 }
             },
 #endif
+#if DNS
+            { "dns", new C2ProfileData()
+                {
+                    TC2Profile = typeof(DnsProfile),
+                    TCryptography = typeof(PSKCryptographyProvider),
+                    TSerializer = typeof(EncryptedJsonSerializer),
+                    Parameters = new Dictionary<string, string>()
+                    {
+#if DEBUG
+                        { "callback_interval", "5" },
+                        { "callback_jitter", "0" },
+                        { "callback_domains", "abc.domain1.com,abc.domain2.com" },
+                        { "msginit", "init" },
+                        { "msgdefault", "default" },
+                        { "hmac_key", "HM4C_K3y@123" },
+                        { "encrypted_exchange_check", "T" }
+#else
+                        { "callback_interval", "callback_interval_here" },
+                        { "callback_jitter", "callback_jitter_here" },
+                        { "callback_domains", "callback_domains_here" },
+                        { "msginit", "msginit_here" },
+                        { "msgdefault", "msgdefault_here" },
+                        { "hmac_key", "hmac_key_here" },
+                        { "encrypted_exchange_check", "encrypted_exchange_check_here" }
+#endif
+                    }
+                }
+            },
+#endif
 #if SMB
             { "smb", new C2ProfileData()
                 {