Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

Boot Persistence
Listening Post
The listening post will use Apache to support access to the SSL communications channel. Apache
will be responsible for extracting the data from within the SSL container. The Python
support module called “bottle.py” will accept responses from Apache and handle the proper
management and response.
14. Directory Structure
fs\in\parent\child
Each target will have a parent directory. Once a target beacons to the server, a child directory
will be created.
fs\out\{all output information}
All data being received from the target will be placed into a single directory. This data can be
parsed by the “parser” tool.
The response files will be stored as a GUID (e.g. {30996559-C169-490B-A40B-4ADB597E0D19}).
15. Tasking Bits
The tasking files will be encoded to support priority and persistence. The tasking data files are
stored as GUID strings with the following encoding.
{xx996559-C169-490B-A40B-4ADB597E0D19}
BYTE 1 – contains a priority value: FF is the highest priority while 00 is the lowest. NOTE: 80 will be
the default.
A plus (‘+’) will be prepended to the GUID to represent persistent data.
{+30996559-C169-490B-A40B-4ADB597E0D19}
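
For an analyst examining file names recovered from such a listening post, the naming scheme above can be decoded mechanically. The following Python is an added example, not code from the original document; the function names, the constructed sample listing, and the acceptance of a '+' placed before the opening brace are assumptions.

```python
import re
from typing import NamedTuple, Optional

# Layout from the page: {xx996559-C169-490B-A40B-4ADB597E0D19}, with an
# optional '+' marking persistence. The page's sample puts '+' inside the
# brace; also accepting it before the brace is an assumption of this example.
_TASK_RE = re.compile(
    r"^(?P<pre>\+?)\{(?P<inner>\+?)(?P<prio>[0-9A-Fa-f]{2})[0-9A-Fa-f]{6}"
    r"(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$"
)

class Tasking(NamedTuple):
    name: str
    priority: int     # 0x00 lowest .. 0xFF highest; 0x80 is the stated default
    persistent: bool

def parse_tasking_name(name: str) -> Optional[Tasking]:
    """Decode one file name; return None if it does not match the layout."""
    name = name.strip()
    m = _TASK_RE.match(name)
    if m is None or (m["pre"] and m["inner"]):  # '+' twice is malformed
        return None
    return Tasking(name, int(m["prio"], 16), bool(m["pre"] or m["inner"]))

def triage(names):
    """Return (decoded entries, highest priority first; unparseable names)."""
    decoded, rejected = [], []
    for n in names:
        t = parse_tasking_name(n)
        if t is None:
            rejected.append(n)
        else:
            decoded.append(t)
    decoded.sort(key=lambda t: t.priority, reverse=True)  # stable sort
    return decoded, rejected

# Constructed sample listing; the first two names are the page's own examples.
SAMPLE = [
    "{30996559-C169-490B-A40B-4ADB597E0D19}",
    "{+30996559-C169-490B-A40B-4ADB597E0D19}",
    "{FF996559-C169-490B-A40B-4ADB597E0D19}",
    "{80996559-C169-490B-A40B-4ADB597E0D19}",
    "{ZZ996559-C169-490B-A40B-4ADB597E0D19}",  # first byte is not hex
    "notes.txt",
]

if __name__ == "__main__":
    decoded, rejected = triage(SAMPLE)
    for t in decoded:
        print(f"{t.priority:#04x} persistent={t.persistent} {t.name}")
    print("rejected:", rejected)
```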
