Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

Shadow v1.0 User Guide SECRET
3.0 (U) Getting Started
3.1 (U) Creating Tasking Packets: Basic Overview
(S) On initial install, Shadow performs a preliminary directory listing and system
survey, which is then exfiltrated on any available USB drive. To send tasking to Shadow,
you must use the Shadow Tasking Configuration Utility, which builds packets for the
Shadow network.
(S) There are several user-configurable packets available: Copy, Execute, Update, Survey,
and Collection, each with its own configuration tab. All config options require you to
select a recipient ID (which can be determined from postprocessed Shadow data) and an
output directory. Additionally, you may choose a file if that operation requires it.
(S) The Copy operation requires a file input and a destination on the target machine to
place it. This could be used for replacing target programs/files with trojaned versions.
(S) The execute operation also requires a file input, and allows execution of a payload.
As of now, all payloads will execute as System.
(S) The Update operation allows for operators to perform updates on Shadow: updating
the program version (requires file input), changing the node ID, or removing Shadow.
(S) The Survey & Tasking operation allows for directory listing / survey tasking, and the
File collect operation will collect specified files, as seen above.
