Deploy a script that dynamically resolves various implant modules. Automatically resolve and install an HTTP C2 module. At runtime, tasks are sent to the agent, which is able to resolve missing modules, install them, and run both shell and keyword-based TTPs.
The new agent, Hush, implements three kinds of modules: C2 modules, API modules, and Shell modules. C2 modules allow the agent to dynamically install and swap the current C2 channel. API modules enable TTPs that directly call APIs on macOS. Shell modules enable the agent to run TTPs inside shell environments.
The updated chain includes the ability to capture screenshots, record system audio, discover Dylib hijack opportunities, run subprocesses, run shell commands, ingress various payloads, and install a plist persistence mechanism.
This chain includes the following resources:
- Print working directory using API calls
- Run a subprocess with NSTask
- Record room audio using microphone
- Grab a screenshot via API
- Discover weak Dylib loads with missing Dylibs
- Install a Hush current user plist persistence
- Install a payload request module
- Install an HTTP C2 module
- Install and test a shell execution module