Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

Gyrfalcon 2.0 SECRET//NOFORN
4.3.3.4 (U) Directory must exist on the target platform.
4.3.3.5 (U) Relative directories are allowed relative to the application directory.
4.3.3.6 (U) Absolute directories are also allowed.
4.3.4 (S//NF) “What do you want to name the encrypted configuration file?”
4.3.4.1 (U) File name can be anything between 1 and 15 characters long.
4.3.5 (U) “What do you want to name the collection file?”
4.3.5.1 (U) File name can be anything between 1 and 15 characters long.
4.3.6 (U) “What do you want to name the client file?”
4.3.6.1 (U) File name can be anything the operator wants it to be.
4.3.6.2 (U) Rename the local application, “client”, according to your answer.
4.3.7 (U) “What is the target computer processor?”
4.3.7.1 (U) At this time, the only answer to this question is “intel”.
4.3.8 (U) “[ IPv4/IPv6 | IPv4 CIDR | hostname | FQDN ] –”
4.3.8.1 (U) Any valid IPv4 or IPv6 address is allowed – or –
4.3.8.2 (U) Any valid IPv4 CIDR address (e.g., 10.0.0.0/24) is allowed – or –
4.3.8.3 (U) Any valid alphanumeric hostname is allowed – or –
4.3.8.4 (U) Any valid FQDN (e.g., www.google.com) is allowed.
4.3.8.5 (U) Address can be any of the above between 1 and 31 characters long.
4.3.9 (U) “[ ignore | partial | full | execute ] –”
4.3.9.1 (S//NF) Partial collects enough of the OpenSSH session to collect the user name and password for each connection.
4.3.9.2 (S//NF) Full collects the entire OpenSSH session from beginning to end.
4.3.9.3 (S//NF) Execute is not complete at this time, but the script will allow the operator to configure the white list with execute; the behavior of the Gyrfalcon library is similar to the ignore command.
4.3.9.4 (S//NF) Ignore is the default behavior, meaning that if the remote host on the OpenSSH session is not in the white list, then the Gyrfalcon library ignores the session.
4.4 (U) After executing genconfig.py, the local working directory should consist of the following files.
4.4.1 genconfig.py
4.4.2 postproc.py
4.4.3 archive_file
4.4.4 archive_file_YYYY-MM-DD_HH:MM:SS.MS.tar.bz2
4.4.4.1 Where archive_file is a symbolic link to archive_file_YYYY-MM-DD_HH:MM:SS.MS.tar.bz2.
4.5 (U) At this time, the archive file will contain the following files.
4.5.1 public.pem
4.5.2 private.pem
4.5.3 receipt.xml
November 2013 SECRET//NOFORN//20381126 7
