Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
SECRET//ORCON//NOFORN
1.2 Subsystems
Assassin consists of four subsystems: Implant, Builder, Command and Control, and
Listening Post.
Implant
The Implant provides the core logic and functionality of Assassin on a target
computer. An Implant is configured using the Builder and deployed to a target
Windows machine via some undefined vector.
The Implant subsystem consists of an Implant Executable and, optionally, a
Deployment Executable.
Builder
The Builder configures Implant and Deployment Executables before deployment.
The operator may configure the executables from scratch or provide a
configuration as a starting point. The Builder provides a custom command line
interface for setting the Implant configuration before generating the Implant. A
wizard mode is available to walk the operator through the build process.
Command and Control
The Command and Control (C2) subsystem provides an interface between the
operator and the Listening Post. It is used to generate tasks for an implant and
send them to an LP, process the results of those tasks received from an LP, and
handle logs collected from the LP.
The C2 consists of the User Interface, Task Generator, Queue Proxy, Post
Processor, Default Ingester, and Log Extractor.
Listening Post
The Listening Post (LP) subsystem facilitates communication between an
Assassin Implant and the C2 subsystem through a web server.
The LP consists of the Beacon Server, Queue, and Log Collector.