Athena/Hera for Ubuntu v14.04 fulfills the need for a remote beacon and loader combination targeting computers running a range of Windows versions.
Athena is the primary implementation for use on WinXP through Win10 operating systems, which uses the RemoteAccess service for persistence, ZLIB for compression and XTEA for encryption on disk.
Hera is a secondary implementation for Windows 8 through Windows 10, which uses the Dnscache service for persistence, BZIP2 for compression and AES 256 for encryption on disk.
Apache 2.4 is the validated web server for the ListeningPost.
Summary of Capabilities:
Executes on the Windows XP (SP3)/7/8.1/2008/2012/10 (x86/x64) operating systems.
Provides a beaconing capability that provides configuration and task handling
Provides memory loading/unloading of DLLs on the target system
Provides delivery and retrieval of files to/from a specified directory on the target system
Allows the operator to configure settings during runtime (while the implant is on target)
Builder, Tasker, Parser, Listening Post, Installer, ram only and offline capabilities.
Theory of Operation:
The Builder (builder.py) is used to tailor an implant for the specific operational scenario. The configured implant (Installer) is deployed on a target computer.
The Installer modifies the target registry and drops the host file (IprCache.dll default) and data file (ras.cache default) in their specified locations. The tool then restarts the RemoteAccess service and launches the Athena Engine in the netsvcs svchost.exe process.
The installed tool will beacon to the Listening Post (LP) to receive tasking.
The Tasker (tasker.py) is used to task the implant. The Parser (parser.py) is used to decode the results retrieved from the Listening Post.
Products sold by OpenVault are for entertainment and educational purposes only. Customer’s are purchasing a physical copy of digital artwork (Software box) and tokenized certificate of ownership of the digital artwork.