Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

Athena Progress – December 8, 2015 – 11:30am
Minutes:
1) Send proxy information back to LP – YES – new response/parser update
2) Randomize URL – YES – create 5 templates with random information (this
happens always)
3) Beacon & deadman delay/timeout – what if someone turns the machine off
for 1 month? (make sure we tried a beacon recently - DONE
4) Priority 0-highest, 255-lowest? - DONE
5) Support foreground/background task (syn/async – exec) - DONE
6) Return 301/302 instead of 401 for beacon (no data) – PLEASE DO research on
301/302 issues
Try using cookies instead – base64 encode - DONE
Add accept language/ accept type / host headers - DONE
7) Allow date change in off-line configuration – should be set to original file
date/time – DONE(win)
8) What happens if a 1GB file fails halfway through processing – does state file
data continue where it left off. If YES, how does the parser support chunks of
files? NO WE DON’T DO THIS
9) Use parser_input directory as the default data to read into the parser - DONE
10) Athena goes to unit testing January 5
th
11) January & February will be test fixes and Athena Bravo(LLVM with
bzip2)
a. Installer – recompile with LLVM / change import list
b. Host – recompile with LLVM / change import list
Achievements:
1) XXXXX is tasking DART
2) State files are being left behind – FIXED critical section and remote file
encoding
3) Changed name - KBPSTHROUGHPUT -> MAX_CHUNK_SIZE
4) Changed name - FILE_PROCESSING_PATH -> STATE_FILE_PATH (delete existing
files if this is set)
5) Fixed parser mark (prevent reparsing of processed files) – included new
parser_input/parser_output directories
6) Fixed loader – validate platform x86/x64 to prevent exception during memory
load
7) Added SAFETY instruction – noop (persistent SET SAFETY command will not
change target state)
Test Cases:
1) Install / reboot – validate installation and check status after reboot (svchost)
2) Uninstall – validate cleanup
3) Get – retrieve files of different sizes
4) Put – write files of different sizes
5) Memload – load dlls
6) Memunload
7) Killfile
8) Offline win and lin (can this be automated?)
9) SET
10) Multiple commands in a batch

e-Highlighter

Click to send permalink to address bar, or right-click to copy permalink.

Un-highlight all Un-highlight selectionu Highlight selectionh