Skip to content

v1.0.0: First Release Version! 🎉🎉
Compare
Choose a tag to compare
@iDigitalFlame iDigitalFlame released this 18 Nov 22:01
· 38 commits to main since this release
v1.0.0
e6c6e0b
This commit was signed with the committer’s verified signature.
iDigitalFlame iDigitalFlame
GPG key ID: 81A81FC1A60D7864
Verified
Learn about vigilant mode.

First Release version of ThunderStorm!!

Super Update!

First Version Number!!!

  • Bump to match XMT v0.4.5

New Features:

  • Flurries now have support for KillDate
    • Works similar to Bolt Killdate and will top Flurry operation after the specified
      date/time.
    • Specified as an ISO8601 timestamp in the JetStream config or command line.
  • Added GuardFirst to Bolts.
    • Allows for Bolts to setup the Guardian BEFORE starting up to prevent WorkHours
      from causing too many Bolts to run when active.
    • Enabled in the JetStream config or command line.
  • Bolt logging buildtag added.
    • Use the "log" buildtag to make Bolts log to STDOUT.
  • Bolts will exit if the Config they are supplied with has a KillDate that is after
    the current time.
  • Cirrus logger!
    • Can be separate or the same as the C2 log.
    • Can be specified by command line arguments.
      • Default log level is WARNING.
    • By default, it uses the C2 log file if not specified.
  • Cirrus will now offload non-active Scripts to disk after a period of time.
    • Scripts will be reloaded automatically if they are called/used.
  • Doppler CLI "prune" will NOT prune Bolts waiting on WorkHours, unless the "-f"/"--force"
    argument is specified.
  • Added support for reading KillDate, WorkHours and Capabilities.
  • Added the new task.Evade type with constants!
    • The "zerotrace" command is still active, but is just a compatibility call.
  • Files/Data used are now SHA256 hashed and logged!
    • Great for tracking back dropped files/data.
    • Includes written memory, Zombie, DLL and ASM!
  • New Docs!
  • New way to format data: Data Specification Identifiers!
    • Removed the old "!" method of declaring local files.
  • Doppler can now be ran using a config file instead of just arguments or env vars!

Support for New Tasks:

  • WTS*
  • CheckDLL
  • PatchDLL
  • Reboot
  • Poweroff
  • WorkHours
  • KillDate
  • Netcat
  • Funcmap
  • LoginUser (Interactive)
    • Added the "loginas" comand in Doppler.

Updates:

  • JetStream DLLs now support "DllGetClassObject".
  • Updated the builder to handle Golang 1.19.2 strings.
    • Builder will now error if a value is missing (indicates a Golang version incompatibility).
  • Added updates to README
  • Split shell file into multiple files to make editing easier.
  • Updated the Job/Session prune handler.
  • Fixed some log/output files permission for Cirrus.
  • Updated Migrate/Spawn handling code to match the new XMT update for it.
  • Job Pruner now will respect workhours and NOT expire jobs that are currently on
    hold due to WorkHours.
  • Changed some HTTP response codes to more match the errors that may result from
    the call.
  • Updated some of the Job text to match the result output.
  • Spell check fixes.

Full Changelog: https://github.com/iDigitalFlame/ThunderStorm/commits/v1.0.0

Assets 2
Loading