Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
SECRET//NOFORN
________________________________________________________________________
1. (U) Scope
(U) This document establishes the User Guide for Athena v1.0 and for Hera v1.0. See Section 4
for a discussion of the specific characteristics of each system.
Table 1 - (U) Applicable Documents
Description | Date | Version
--- | --- | ---
Athena v1.0 User Requirement Document – OPS0001051 | 3-Feb-2016 | REV G
Hera v1.0 User Requirement Document – OPS0001743 | 15-Feb-2016 | REV B
Athena v1.0 IV&V Report | TBS | TBS
2. (U) System Overview
(S//NF) The Athena System fulfills COG/NOD's need for a remote beacon/loader. Table 2 shows
the system components available in Athena/Hera v1.0. The target computer operating systems
are Windows XP Pro SP3 32-bit (Athena only), Windows 7 32-bit/64-bit, Windows 8.1
32-bit/64-bit, Windows 2008 Enterprise Server, Windows 2012 Server, and Windows 10. Ubuntu
v14.04 is the validated Linux version. Apache 2.4 is the validated web server for the Listening
Post.
Table 2 - (S//NF) Athena System Components
Component / Application | Function | Operating System | Language Used
--- | --- | --- | ---
Builder | Provides the ability to build packages for specified targets. (e.g. installers, offline scripts, ram-only modules and receipts) | Linux / Windows | Python 3.4
Tasker | Provides the ability to task a specific implant. (e.g. get, put, set, memload, memunload, delete and uninstall) | Linux / Windows | Python 3.4
Parser | Provides the ability to decode responses from the target. | Linux / Windows | Python 3.4
Listening Post | Provides interaction with the remote target. All batch tasking files are copied to this server for processing. | Linux(Apache) | Python 3.4
Installer | Installs the tool onto the target system (DLL file) | Windows x86/x64 | C++
RamOnly | Execute a diskless version of the implant as a DLL on the target system (DLL file) | Windows x86/x64 | C++
OffLine | Install the tool onto the target system with physical access using Linux Boot or Windows Recovery Console. | Linux / Windows x86/x64 | bash/C++