Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
Boot Persistence
Parser
Parser Tool
usage: parser.py [-h] [-r RECEIPT] [-i INPUT] [-o OUTPUT] [-m]

Athena Parser

optional arguments:
  -h, --help            show this help message and exit
  -r RECEIPT, --receipt RECEIPT
                        This argument defines an existing receipt filename to
                        be used for processing.
  -i INPUT, --input INPUT
                        This argument provides the ability to import a file or
                        directory of files.
  -o OUTPUT, --output OUTPUT
                        This argument provides the output path location.
  -m, --nomark          This argument provides the ability to reuse a
                        processed directory. By default, the parsing code will
                        mark processed files with a date prefix. (e.g.
                        20150908_1010_{30996559-C169-490B-A40B-4ADB597E0D19}.
34. Parser Directory Structure
parsing (raw input to be parsed)
    20150814_09-50-06_6158
output
    20150814_09-50-06_6158
        safeties
        responses
35. Response Format
Filename: source name\responses\20150814_09-50-06_6158_type
Example: 20150814_09-50-06_6158\responses\20150814_09-50-06_6158_execute.txt
36. Common Response Header
Batch ID = 00001234
Command ID = 00000001
Command Type = execute
Command Status = 0
Error Code = 0
Module ID = 00000000