Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
SECRET//NOFORN
8.3 Deploying to target
Now, with both our build and our targets created, we can produce the actual binaries
that will be put on target. Because we’re using the same build for both targets, we
can generate both at one time. Built files will be placed in
<workspace>/deploy/builds/<target name>
$ am generate MyExampleBuild Mr.A Mr.B
Building MyExampleBuild for Mr.A
Successfully built MyExampleBuild for Mr.A
Building MyExampleBuild for Mr.B
Successfully built MyExampleBuild for Mr.B
$ ls workspace/deploy/builds
Mr.A/ Mr.B/
$ ls workspace/deploy/builds/Mr.A/
AfterMidnight.dll am-core.obfuscated
$ ls workspace/deploy/builds/Mr.B/
AfterMidnight.dll am-core.obfuscated
Both files will have to be placed on each target.
In this case, am-core.obfuscated must be placed on target as
c:\windows\system32\am-core.obfuscated as was specified in the build.
AfterMidnight.dll can be renamed to <anything>.dll and placed anywhere on target.
In this example, to hide our presence, we’ll use c:\windows\system32\am.dll. This
should fool everyone.
Those files placed, we’ll use another CNE tool, such as Drone or ShellTerm, to load
the am.dll. When loaded the first time it will automatically install itself as a service.
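
A defender's view of the sequence described above, as an added example that is not part of the original document: it correlates file-creation and service-installation events per host to surface a `.obfuscated` file and a DLL being written, followed by a new service. The event schema, the sample events, the service names and the one-hour window are constructed assumptions.

```python
from collections import defaultdict
from ntpath import splitext

# Constructed sample events (not real telemetry); the schema is an assumption.
EVENTS = [
    {"host": "ws01", "t": 100, "type": "file_create",
     "path": r"C:\Windows\System32\am-core.obfuscated"},
    {"host": "ws01", "t": 105, "type": "file_create",
     "path": r"C:\Windows\System32\am.dll"},
    {"host": "ws01", "t": 400, "type": "service_install", "service": "ExampleSvc"},
    # Benign-looking host: a DLL and a service, but no companion core file.
    {"host": "ws02", "t": 100, "type": "file_create",
     "path": r"C:\Windows\System32\driver-update.dll"},
    {"host": "ws02", "t": 300, "type": "service_install", "service": "VendorUpdater"},
    # Core file written, nothing loaded yet.
    {"host": "ws03", "t": 100, "type": "file_create",
     "path": r"C:\Windows\System32\am-core.obfuscated"},
]

def find_suspect_hosts(events, window=3600):
    """Return (host, stage, service) tuples; stage is 'staged' or 'installed'."""
    by_host = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["t"]):
        by_host[ev["host"]].append(ev)
    findings = []
    for host, evs in by_host.items():
        files = [e for e in evs if e["type"] == "file_create"]
        # The DLL name is arbitrary, so key on the companion file's extension.
        core = next((e for e in files
                     if splitext(e["path"])[1].lower() == ".obfuscated"), None)
        if core is None:
            continue
        # The DLL may be placed anywhere, so only time proximity is required.
        dll = next((e for e in files if e["path"].lower().endswith(".dll")
                    and abs(e["t"] - core["t"]) <= window), None)
        svc = None
        if dll is not None:
            start = max(core["t"], dll["t"])
            svc = next((e for e in evs if e["type"] == "service_install"
                        and start <= e["t"] <= start + window), None)
        if svc:
            findings.append((host, "installed", svc["service"]))
        else:
            findings.append((host, "staged", None))
    return findings

if __name__ == "__main__":
    for finding in find_suspect_hosts(EVENTS):
        print(finding)
```

Because the core file's path and name are set per build, the extension match covers only the build shown here; the correlation of a new non-executable file, a new DLL and a service installation is the part that carries over.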