Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
UNCLASSIFIED//FOUO
ATHENA DEMO – November 24, 2015
Overview
Athena is a beacon/loader tool. It hijacks DNSCACHE to obfuscate its persistence.
The internal architecture manages a demand load interface that will only load the
command module (business logic) during a beacon and will tear down the command
module when commands complete.
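A defender-side check for the persistence point named above, added here as an example and not part of the Athena documentation: it parses `reg query HKLM\SYSTEM\CurrentControlSet\Services\Dnscache /s` output and flags service values that differ from the stock Windows configuration. The page does not say how the hijack is done, so treating a changed ImagePath or ServiceDll as the indicator is an assumption, as are the function names and the sample data.

```python
import re

# Stock values for the Windows DNS Client service (Dnscache). Assumption:
# these are the baseline; adjust them to match your own gold image.
EXPECTED = {
    "ImagePath": re.compile(
        r"^%systemroot%\\system32\\svchost\.exe -k networkservice( -p)?$", re.I),
    "ServiceDll": re.compile(r"^%systemroot%\\system32\\dnsrslvr\.dll$", re.I),
}
# One value line of `reg query` output: indent, name, type, data.
VALUE_LINE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*)$")

def parse_reg_query(text):
    """Parse `reg query <key> /s` output into {value_name: data}."""
    values = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            values[m.group(1)] = m.group(3).strip()
    return values

def audit_dnscache(text):
    """Return findings for values that are missing or differ from baseline."""
    values = parse_reg_query(text)
    findings = []
    for name, pattern in EXPECTED.items():
        if name not in values:
            findings.append(f"{name}: missing")
        elif not pattern.match(values[name]):
            findings.append(f"{name}: unexpected value {values[name]!r}")
    return findings

# Constructed sample output, not taken from any real host.
CLEAN = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\system32\svchost.exe -k NetworkService -p

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\System32\dnsrslvr.dll
"""
TAMPERED = CLEAN.replace(r"%SystemRoot%\System32\dnsrslvr.dll",
                         r"C:\ProgramData\example\resolver.dll")

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(label, audit_dnscache(sample) or "matches baseline")
```

A match only shows that the registry configuration is stock; the hashes and signatures of the binaries it points to need a separate check.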
Builder
The builder is a command line tool that will build a new target reference
(installer/offline/ramonly).
Command Line:
Builder Tool
usage: builder.py [-h] [-i SYSTEM_BINARY_PATH] [-r SYSTEM_IMPORT_XML]
                  [-o SYSTEM_EXPORT_PATH] [-w] [--debug]

Athena Configuration

optional arguments:
  -h, --help            show this help message and exit
  -i SYSTEM_BINARY_PATH, --input SYSTEM_BINARY_PATH
                        This argument provides the location of the raw binary
                        data files. (NOTE: .\bin is the default path).
  -r SYSTEM_IMPORT_XML, --receipt SYSTEM_IMPORT_XML
                        This argument defines an existing receipt filename to
                        be used for default values.
  -o SYSTEM_EXPORT_PATH, --output SYSTEM_EXPORT_PATH
                        This argument provides the output directory path to
                        store the target files (NOTE: .\builder_output is the
                        default path).
  -w, --wizard          This argument will request information from the user
                        via the wizard.
  --debug               This argument allows debugging information to be
                        included in the output directory.
Example: (Athena_suite) – use default paths – this command will also display the
wizard.
Python.exe builder.py