refactor: rename apollo to ares and add ascii art display

- Rename agent from "Apollo" to "Ares" across documentation and configuration
- Update config.json to reference Ares container image instead of Apollo
- Replace Apollo logo with Ares logo in documentation
- Rename workspace file from Apollo.code-workspace to Ares.code-workspace
- Add ASCII art display function to agent startup sequence
- Remove obsolete refactor analysis document
Aryma
2026-04-14 13:15:43 +07:00
parent f673320936
commit 6321bfc31b
14 changed files with 109 additions and 293 deletions


@@ -8,9 +8,9 @@ weight = 102
"Fork and Run" is an agent architecture that spawns sacrificial processes in a suspended state to inject shellcode into.
## Fork and Run in Apollo
## Fork and Run in Ares
Apollo uses the fork and run architecture for a variety of jobs. These jobs will all first spawn a new process specified by the [`spawnto_x86`](/agents/apollo/commands/spawnto_x86) or [`spawnto_x64`](/agents/apollo/commands/spawnto_x64) commands. The parent process of these new processes is specified by the [`ppid`](/agents/apollo/commands/ppid/) command. Once the process is spawned, Apollo will use the currently set injection technique to inject into the remote process.
Ares uses the fork and run architecture for a variety of jobs. These jobs will all first spawn a new process specified by the [`spawnto_x86`](/agents/apollo/commands/spawnto_x86) or [`spawnto_x64`](/agents/apollo/commands/spawnto_x64) commands. The parent process of these new processes is specified by the [`ppid`](/agents/apollo/commands/ppid/) command. Once the process is spawned, Apollo will use the currently set injection technique to inject into the remote process.
The following commands use the fork and run architecture:
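Review bot: The rewritten paragraph in this hunk is only half renamed: it now opens with "Ares uses the fork and run architecture", but its last sentence still reads "Once the process is spawned, Apollo will use the currently set injection technique". Change that remaining "Apollo" to "Ares" so the paragraph names a single agent and a reader does not take them for two separate components.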


@@ -4,9 +4,9 @@ chapter = false
weight = 102
+++
## Process Injection in Apollo
## Process Injection in Ares
Apollo has abstracted process injection into its own project and has the following techniques implemented:
Ares has abstracted process injection into its own project and has the following techniques implemented:
- CreateRemoteThread
- QueueUserAPC (early bird)
- NtCreateThreadEx (via Syscalls)
@@ -15,7 +15,7 @@ As an operator, sometimes one injection technique is more desirable than another
## Commands Leveraging Injection
All of Apollo's [fork and run commands](/agents/apollo/opsec/forkandrun/) use injection to inject into a sacrificial process; however, there are additional commands that inject into other processes. Those commands are:
All of Ares's [fork and run commands](/agents/apollo/opsec/forkandrun/) use injection to inject into a sacrificial process; however, there are additional commands that inject into other processes. Those commands are:
- [`assembly_inject`](/agents/apollo/commands/assembly_inject/)
- [`inject`](/agents/apollo/commands/inject/)
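Review bot: The renamed sentence under "Commands Leveraging Injection" and the two list items after it still link to /agents/apollo/opsec/forkandrun/, /agents/apollo/commands/assembly_inject/ and /agents/apollo/commands/inject/. If the documentation tree moves to an ares path as part of this rename, update these links in the same commit so they do not break; if the apollo path is kept on purpose, note that in the commit message, which currently describes the rename as applying "across documentation and configuration".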


@@ -4,7 +4,7 @@ chapter = false
weight = 103
+++
## Environmental Keying in Apollo
## Environmental Keying in Ares
Environmental keying is a technique that restricts agent execution to specific systems. If the keying check fails, the agent will exit immediately and silently without executing any code or attempting to connect to the C2 server.
@@ -16,7 +16,7 @@ Environmental keying helps protect against:
### Keying Methods
Apollo supports three methods of environmental keying:
Ares supports three methods of environmental keying:
#### 1. Hostname Keying