Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
Aeris 2.1 User Guide
DESCRIPTION
Aeris is an automated implant written in C that supports a number of POSIX-based systems.
PLATFORM SUPPORT
• Debian Linux 7 (i386)
• Debian Linux 7 (amd64)
• Debian Linux 7 (ARM)
• Red Hat Enterprise Linux 6 (i386)
• Red Hat Enterprise Linux 6 (amd64)
• Solaris 11 (i386)
• Solaris 11 (SPARC)
• FreeBSD 8 (i386)
• FreeBSD 8 (amd64)
• CentOS 5.3 (i386)
• CentOS 5.7 (i386)
FEATURES
• Configurable beacon interval and jitter
• Standalone and Collide-based HTTPS LP support
• SMTP protocol support
• TLS Encrypted communications with mutual authentication (Appendices C and D)
• Compatibility with the NOD Cryptographic Specification (Appendices C and D)
• Structured command and control that is similar to that used by several Windows implant- (section IV)
• Automated file exfiltration (section IV)
• Simple and flexible deployment and installation (section III)
DISTRIBUTION
The Aeris distribution consists of a set of Python utilities together with a set of
binaries, with one binary per platform listed in Section I. These binaries (which we call
unpatched binaries) are fully functional but are not deployable because they do not contain
configuration information. Instead, they contain placeholders (GUIDs and static buffers)
that will be overwritten with the appropriate information at build time. The Aeris builder
generates a valid configuration based on user input and uses that configuration to create a
deployable Aeris instance.
Aeris includes the following files:
• aeris/          Python/script libraries
• bin/            Unpatched binaries
• cgi/agnt.c      HTTPS CGI LP source code
• cgi/agnt.cgi    Statically compiled ELF32 HTTPS CGI program
• docs/           Documentation
• builder.py      Script - builds a new instance
SECRET//NOFORN