After Midnight 1.2


AfterMidnight v1.2 (AM) is an infiltration platform that self-persists as a Windows Service DLL running from inside the netsvcs svchost.exe process. It provides secure execution of malware payloads, or “Gremlins”, via an HTTPS-based Listening Post (LP).

Once installed on a target machine, AM will call back to a configured LP on a configurable schedule, checking to see if there is a new plan for it to execute. If there is, it downloads and stores all needed components before loading all new gremlins in memory. Gremlins run hidden on target and either subvert the functionality of target software, provide survey and exfiltration functions, or provide internal service or support for other gremlins.

All local storage is encrypted with an LP key that is not stored on the client. The special payload “Alpha Gremlin” has a custom script language which allows operators to schedule custom tasks to be executed on the target machine. If AM is unable to contact the LP, it will be unable to execute any payload.
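
For defenders, the persistence described above (a Service DLL hosted in the netsvcs svchost.exe group) can be audited from the registry. The PowerShell below is an added example, not part of the original description or of AfterMidnight itself. It assumes the standard Windows registry layout for svchost groups and ServiceDll values, and the flagging criteria are triage heuristics chosen here, not indicators taken from this page.

```powershell
# Added example: list every service in the svchost "netsvcs" group and flag
# ServiceDll entries that deserve a closer look. No AfterMidnight-specific
# service name or path is assumed, because the page gives none.
$svchostKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$system32    = Join-Path $env:SystemRoot 'System32'

# netsvcs is a REG_MULTI_SZ value holding the service names hosted in this group.
$netsvcs = (Get-ItemProperty -Path $svchostKey -Name netsvcs).netsvcs

$report = foreach ($name in $netsvcs) {
    # ServiceDll normally sits under <service>\Parameters; some services keep it
    # directly under the service key, so check both locations.
    $dll = $null
    foreach ($key in "$servicesKey\$name\Parameters", "$servicesKey\$name") {
        if (Test-Path -Path $key) {
            $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
            if ($item -and $item.ServiceDll) { $dll = $item.ServiceDll; break }
        }
    }
    if (-not $dll) { continue }   # listed in the group but not installed

    $dll    = [Environment]::ExpandEnvironmentVariables($dll)
    $exists = Test-Path -LiteralPath $dll
    $sig    = if ($exists) { Get-AuthenticodeSignature -LiteralPath $dll } else { $null }

    [pscustomobject]@{
        Service    = $name
        ServiceDll = $dll
        InSystem32 = $dll.StartsWith($system32, [StringComparison]::OrdinalIgnoreCase)
        Signature  = if ($sig) { "$($sig.Status)" } else { 'FileMissing' }
        Signer     = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    }
}

# Triage view: DLLs outside System32, without a valid signature, or not signed
# by Microsoft. Legitimate third-party services can appear here too.
$report |
    Where-Object { -not $_.InSystem32 -or $_.Signature -ne 'Valid' -or
                   $_.Signer -notmatch 'O=Microsoft Corporation' } |
    Sort-Object Service |
    Format-Table -AutoSize -Wrap
```

On older Windows versions, Get-AuthenticodeSignature may report catalog-signed system DLLs as NotSigned, so treat the output as a list to review rather than a verdict.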

AfterMidnight Bundled Components:

AM Console - Windows or Linux compatible environment for designing plans

Octopus Listening Post - Python WSGI application handles connections using Apache as a proxy

Implant Service DLL

AfterMidnight Core

Alpha (Master) Gremlin

Multiple Default Gremlins - Process Gremlin, POST Process (log and data exfiltration)

User Required Software:

Python 3.4

WSGI-compatible web server (i.e., Apache)

OpenSSL 0.98 or higher

Target Systems:

Microsoft Windows

Products sold by OpenVault are for entertainment and educational purposes only. Customers are purchasing a physical copy of digital artwork (Software box) and tokenized certificate of ownership of the digital artwork.