Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
SECRET//ORCON//NOFORN
        <Path>path2</Path>
      </PathList>
      <ProxyCredentials />
    </Transport>
  </TransportList>
  <ChunkSize>1m</ChunkSize>
  <Beacon>
    <BackoffMultiple>1.5</BackoffMultiple>
    <InitialWait>1m</InitialWait>
    <DefaultInterval>1m</DefaultInterval>
    <MaxInterval>5m</MaxInterval>
    <Jitter>10s</Jitter>
  </Beacon>
  <HibernateSeconds>1m</HibernateSeconds>
  <Uninstall>
    <UninstallTimer />
    <UninstallDate />
  </Uninstall>
  <MaxConsecutiveFails>10</MaxConsecutiveFails>
</Implant>
Field Definitions
Beacon
Assassin provides a series of settings to control the beacon timing. Those
settings are the back off multiple, initial wait, default interval, maximum
interval, and jitter. The back off multiple is the value to multiply the current
beacon interval by when a failure occurs. Generally this value is greater than 1,
so the interval will increase with each consecutive failure. The initial wait is the
time to wait upon boot before attempting to beacon. The default interval is the
standard beacon wait time used when no failures have occurred. This time is also
used when a successful communication occurs after a series of failures. The
maximum interval defines the absolute maximum value the beacon interval can
be set to at any point. Jitter defines the amount of variance to use for each
beacon. This value must be less than the default interval.
In the example above, the back off multiple has been set to 1.5, the initial wait is
defined as 1 minute, the default interval is 1 minute, the maximum interval is 5
minutes, and the jitter is 10 seconds.
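An added example for analysts (not part of the original document or of the tool it describes): Python that reads the Beacon element from the sample above, computes the nominal interval after each consecutive failure, and checks whether gaps between outbound attempts seen in network logs fit that schedule. The symmetric jitter window, the function names and the sample gaps are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Beacon element copied from the sample configuration on this page.
BEACON_XML = """<Beacon>
<BackoffMultiple>1.5</BackoffMultiple>
<InitialWait>1m</InitialWait>
<DefaultInterval>1m</DefaultInterval>
<MaxInterval>5m</MaxInterval>
<Jitter>10s</Jitter>
</Beacon>"""

UNITS = {"s": 1, "m": 60}  # only the suffixes that appear in the sample

def seconds(text):
    """Convert a duration such as '10s' or '1m' to seconds."""
    return float(text[:-1]) * UNITS[text[-1]]

def load_beacon(xml_text):
    """Parse the Beacon element into a dict of numeric settings."""
    node = ET.fromstring(xml_text)
    cfg = {"multiple": float(node.findtext("BackoffMultiple"))}
    for key, tag in (("initial", "InitialWait"), ("default", "DefaultInterval"),
                     ("max", "MaxInterval"), ("jitter", "Jitter")):
        cfg[key] = seconds(node.findtext(tag))
    if cfg["jitter"] >= cfg["default"]:
        raise ValueError("Jitter must be less than the default interval")
    return cfg

def backoff_schedule(cfg, failures):
    """Nominal interval after 0..failures consecutive failures, capped at max."""
    out, cur = [], cfg["default"]
    for _ in range(failures + 1):
        out.append(cur)
        cur = min(cur * cfg["multiple"], cfg["max"])
    return out

def fits_profile(gaps, cfg, failures=10):
    """True if every observed gap is within +/- jitter of a scheduled interval.
    Symmetric jitter and the bound of 10 failures are assumptions."""
    sched = backoff_schedule(cfg, failures)
    return all(any(abs(g - s) <= cfg["jitter"] for s in sched) for g in gaps)

CFG = load_beacon(BEACON_XML)
# Constructed gaps (seconds) between outbound attempts from one host in proxy logs.
SAMPLE_GAPS = [58.0, 94.5, 131.0, 207.0, 296.0, 63.0]
```

Benign pollers also produce regular gaps, so a match from `fits_profile` is a lead to correlate with destination and process data.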
Blacklist
The Assassin Implant allows for an optional blacklist of programs to be set.
During a beacon attempt, if any of the programs listed in the blacklist are
running and appear in the process list, the beacon will be stopped and the
beacon failure count will be incremented. This will not affect the transport failure
count, since the transport was never attempted.