fix(builder): improve artifact packaging with optional helper support

Update move_first_existing function to handle optional artifacts gracefully
instead of raising FileNotFoundError. When optional artifacts are missing,
append informative messages to stdout_err instead of failing the build.

Also update agent icons to reference external PNG files instead of embedded
base64 data for better maintainability.

.github/workflows/docker.yml

@@ -79,7 +79,7 @@ jobs:
             org.opencontainers.image.source=${{ env.IMAGE_SOURCE }}
             org.opencontainers.image.description=${{ env.IMAGE_DESCRIPTION }}
             org.opencontainers.image.licenses=${{ env.IMAGE_LICENSE }}
-          platforms: linux/amd64,linux/arm64
+          platforms: linux/amd64,linux/arm64,linux/arm64/v8
 
   update_files:
     runs-on: ubuntu-latest

.gitignore

@@ -4,6 +4,7 @@ __pycache__/
 **/*.dll
 # Sphinx documentation
 docs/_build/
+debug_vps/
 # Environments
 #.env
 .venv

Payload_Type/ares/Dockerfile

@@ -17,7 +17,11 @@ RUN /venv/bin/python -m pip install git+https://github.com/MEhrn00/donut.git@v2.
 COPY [".", "."]
 
 # fetch all dependencies
-RUN cd ares/agent_code && dotnet restore --verbosity quiet && rm donut ; cp /donut donut
+RUN chmod -R u+w /Mythic/ares/agent_code && \
+    cd ares/agent_code && \
+    dotnet restore Ares/Ares.csproj --verbosity quiet && \
+    rm -f donut && \
+    cp /donut donut
 RUN cd ares/agent_code && cp COFFLoader.dll /COFFLoader.dll
 
-CMD ["bash", "-c", "cp /donut ares/agent_code/donut && /venv/bin/python main.py"]
+CMD ["bash", "-c", "cp /donut /Mythic/ares/agent_code/donut && /venv/bin/python main.py"]

Payload_Type/ares/ares/agent_code/Ares.sln

@@ -3,7 +3,7 @@ Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio Version 17
 VisualStudioVersion = 17.8.34525.116
 MinimumVisualStudioVersion = 10.0.40219.1
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "ApolloInterop", "ApolloInterop\ApolloInterop.csproj", "{5B5BD587-7DCA-4306-B1C3-83A70D755F37}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "AresInterop", "AresInterop\AresInterop.csproj", "{5B5BD587-7DCA-4306-B1C3-83A70D755F37}"
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "HttpProfile", "HttpProfile\HttpProfile.csproj", "{74B393F3-4000-49AC-8116-DCCDB5F52344}"
 EndProject
@@ -11,7 +11,7 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "PSKCryptography", "PSKCrypt
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "PlaintextCryptography", "PlaintextCrypto\PlaintextCryptography.csproj", "{ED320CE0-C28F-4B07-A353-9B14C261E8A3}"
 EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Apollo", "Apollo\Apollo.csproj", "{F606A86C-39AF-4B5A-B146-F14EDC1D762C}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Ares", "Ares\Ares.csproj", "{F606A86C-39AF-4B5A-B146-F14EDC1D762C}"
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "NamedPipeProfile", "NamedPipeProfile\NamedPipeProfile.csproj", "{3AF39094-7F42-4444-A278-FA656EB4678F}"
 EndProject

Payload_Type/ares/ares/agent_code/Ares/Ares.csproj

@@ -1,43 +1,43 @@
-<Project Sdk="Microsoft.NET.Sdk">
-  <PropertyGroup>
-    <TargetFramework>net451</TargetFramework>
-    <OutputType>Exe</OutputType>
-    <LangVersion>12</LangVersion>
-    <Nullable>enable</Nullable>
-    <GenerateAssemblyInfo>false</GenerateAssemblyInfo>
-    <Platforms>AnyCPU;x64;x86</Platforms>
-  </PropertyGroup>
-  <ItemGroup>
-    <Reference Include="System.Management.Automation, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <SpecificVersion>False</SpecificVersion>
-      <HintPath>..\..\..\..\..\..\..\..\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll</HintPath>
-    </Reference>
-    <Reference Include="System.Security" />
-  </ItemGroup>
-  <ItemGroup>
-    <ProjectReference Include="..\ApolloInterop\ApolloInterop.csproj" />
-    <ProjectReference Include="..\DInvokeResolver\DInvokeResolver.csproj" />
-    <ProjectReference Include="..\EncryptedFileStore\EncryptedFileStore.csproj" />
-    <ProjectReference Include="..\HttpProfile\HttpProfile.csproj" />
-    <ProjectReference Include="..\HttpxProfile\HttpxProfile.csproj" />
-    <ProjectReference Include="..\HttpxTransform\HttpxTransform.csproj" />
-    <ProjectReference Include="..\Injection\Injection.csproj" />
-    <ProjectReference Include="..\KerberosTickets\KerberosTickets.csproj" />
-    <ProjectReference Include="..\NamedPipeProfile\NamedPipeProfile.csproj" />
-    <ProjectReference Include="..\PlaintextCrypto\PlaintextCryptography.csproj" />
-    <ProjectReference Include="..\Process\Process.csproj" />
-    <ProjectReference Include="..\PSKCrypto\PSKCryptography.csproj" />
-    <ProjectReference Include="..\SimpleResolver\SimpleResolver.csproj" />
-    <ProjectReference Include="..\Tasks\Tasks.csproj" />
-    <ProjectReference Include="..\TcpProfile\TcpProfile.csproj" />
-    <ProjectReference Include="..\WebsocketProfile\WebsocketProfile.csproj" />
-    <ProjectReference Include="..\AzureBlobProfile\AzureBlobProfile.csproj" />
-  </ItemGroup>
-  <ItemGroup>
-    <PackageReference Include="Costura.Fody" Version="5.7.0" PrivateAssets="All" />
-    <PackageReference Include="Microsoft.CSharp" Version="4.7.0" />
-    <PackageReference Include="PolySharp" Version="1.14.1" />
-    <PackageReference Include="System.Data.DataSetExtensions" Version="4.5.0" />
-  </ItemGroup>
-
-</Project>
+<Project Sdk="Microsoft.NET.Sdk">
+  <PropertyGroup>
+    <TargetFramework>net451</TargetFramework>
+    <OutputType>Exe</OutputType>
+    <LangVersion>12</LangVersion>
+    <Nullable>enable</Nullable>
+    <GenerateAssemblyInfo>false</GenerateAssemblyInfo>
+    <Platforms>AnyCPU;x64;x86</Platforms>
+  </PropertyGroup>
+  <ItemGroup>
+    <Reference Include="System.Management.Automation, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\..\..\..\..\..\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll</HintPath>
+    </Reference>
+    <Reference Include="System.Security" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\AresInterop\AresInterop.csproj" />
+    <ProjectReference Include="..\DInvokeResolver\DInvokeResolver.csproj" />
+    <ProjectReference Include="..\EncryptedFileStore\EncryptedFileStore.csproj" />
+    <ProjectReference Include="..\HttpProfile\HttpProfile.csproj" />
+    <ProjectReference Include="..\HttpxProfile\HttpxProfile.csproj" />
+    <ProjectReference Include="..\HttpxTransform\HttpxTransform.csproj" />
+    <ProjectReference Include="..\Injection\Injection.csproj" />
+    <ProjectReference Include="..\KerberosTickets\KerberosTickets.csproj" />
+    <ProjectReference Include="..\NamedPipeProfile\NamedPipeProfile.csproj" />
+    <ProjectReference Include="..\PlaintextCrypto\PlaintextCryptography.csproj" />
+    <ProjectReference Include="..\Process\Process.csproj" />
+    <ProjectReference Include="..\PSKCrypto\PSKCryptography.csproj" />
+    <ProjectReference Include="..\SimpleResolver\SimpleResolver.csproj" />
+    <ProjectReference Include="..\Tasks\Tasks.csproj" />
+    <ProjectReference Include="..\TcpProfile\TcpProfile.csproj" />
+    <ProjectReference Include="..\WebsocketProfile\WebsocketProfile.csproj" />
+    <ProjectReference Include="..\AzureBlobProfile\AzureBlobProfile.csproj" />
+  </ItemGroup>
+  <ItemGroup>
+    <PackageReference Include="Costura.Fody" Version="5.7.0" PrivateAssets="All" />
+    <PackageReference Include="Microsoft.CSharp" Version="4.7.0" />
+    <PackageReference Include="PolySharp" Version="1.14.1" />
+    <PackageReference Include="System.Data.DataSetExtensions" Version="4.5.0" />
+  </ItemGroup>
+
+</Project>

Payload_Type/ares/ares/agent_code/Ares/Config.cs

@@ -1,4 +1,4 @@
-#define C2PROFILE_NAME_UPPER
+#define C2PROFILE_NAME_UPPER
 
 //#define LOCAL_BUILD
 
@@ -280,14 +280,14 @@ namespace Apollo
         public static int RegistryComparison = 1; // 1=Matches, 2=Contains
 #else
         // Environmental Keying Configuration
-        public static bool KeyingEnabled = keying_enabled_here;
-        public static int KeyingMethod = keying_method_here; // 1=Hostname, 2=Domain, 3=Registry
+        public static bool KeyingEnabled = "keying_enabled_here" == "true";
+        public static int KeyingMethod = int.Parse("keying_method_here"); // 1=Hostname, 2=Domain, 3=Registry
         public static string KeyingValueHash = "keying_value_hash_here";
 
         // Registry Keying Configuration
         public static string RegistryPath = "registry_path_here";
         public static string RegistryValue = "registry_value_here";
-        public static int RegistryComparison = registry_comparison_here; // 1=Matches, 2=Contains
+        public static int RegistryComparison = int.Parse("registry_comparison_here"); // 1=Matches, 2=Contains
 #endif
 
     }

Payload_Type/ares/ares/agent_code/Ares/Peers/Webshell/WebshellPeer.cs

@@ -10,7 +10,6 @@ using AS = ApolloInterop.Structs.ApolloStructs;
 using TTasks = System.Threading.Tasks;
 using ApolloInterop.Classes.Core;
 using ApolloInterop.Structs.ApolloStructs;
-using Tasks;
 using ApolloInterop.Utils;
 using System.Net;
 using System.IO;

Payload_Type/ares/ares/agent_code/Ares/Program.cs

@@ -12,6 +12,7 @@ using System.Collections.Concurrent;
 using ApolloInterop.Classes.Core;
 using ApolloInterop.Classes.Events;
 using ApolloInterop.Enums.ApolloEnums;
+using System.IO;
 using System.Runtime.InteropServices;
 using ApolloInterop.Utils;
 using System.Security.Cryptography;

Payload_Type/ares/ares/agent_code/AresInterop/AresInterop.csproj

@@ -3,9 +3,10 @@
     <TargetFramework>net451</TargetFramework>
     <OutputType>Library</OutputType>
     <LangVersion>12</LangVersion>
-    <Nullable>enable</Nullable>
+    <Nullable>disable</Nullable>
     <GenerateAssemblyInfo>false</GenerateAssemblyInfo>
     <Platforms>AnyCPU;x64;x86</Platforms>
+    <NoWarn>$(NoWarn);0168;0169;0659;0660;0661;8632</NoWarn>
   </PropertyGroup>
   <ItemGroup>
     <Reference Include="System.Security" />
@@ -23,4 +24,4 @@
     <Compile Remove="Serializers\ApolloSerializationBinder.cs" />
     <Compile Remove="Serializers\EncryptedSMBSerializer.cs" />
   </ItemGroup>
-</Project>
+</Project>