Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

SECRET//ORCON//NOFORN
can be due to a blacklist / whitelist failure or a failed transport attempt. Once
this count is reached the Implant will uninstall.
In the example above, the maximum consecutive failures has been set to 10.
Transport List
The TransportList tag contains an ordered list of Transport tags defining the
members of the list. The Assassin transports list size is limited to a compiled
size of 768 bytes.
Transport
The Transport tag specifies the configuration of one transport in the transport
list.
Attribute Definitions
type
The type attribute defines the type of transport being defined. Assassin
v1.4 supports the HTTPS transport.
tries
The tries attribute specifies the number of times the transport will be
attempted for communication before failing over to the next configured
transport in the list.
Field Definitions
Host
The host tag specifies the domain name or IP address of the listening
post or redirector to which the transport should send comms traffic.
This tag is used for the HTTPS transport type.
Port
The port tag defines the TCP port to which the transport should send
comms traffic. This tag is only used for HTTPS transport types.
ProxyCredentials
The proxy credentials tag is used to define credentials to pass to an
authenticating proxy during communication. If configured, the tag will
include two sub-tags, Username and Password. This tag is only used for
HTTPS transport types.
In the example above, we have defined one transport over HTTPS. The HTTPS
configuration allows for two failures, and it will attempt to communicate to the
host "assassin_lp". It will attempt this communication on port 443 and it doesn’t
have any proxy credentials provided.
Uninstall