



<!DOCTYPE html>
<html>
<head>
  
  
  <meta http-equiv="content-type" content="text/html; charset=UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <link rel="stylesheet" type="text/css" href="../../../css/leak-styles.css"/>
  <title>WikiLeaks - Vault 7: Projects</title>
  
  <link href="../../../document/Assassin_v1_3_Users_Guide//base.min.css" rel="stylesheet">
<link href="../../../document/Assassin_v1_3_Users_Guide//fancy.min.css" rel="stylesheet">
<link href="../../../document/Assassin_v1_3_Users_Guide//custom.css" rel="stylesheet">
<link rel="stylesheet" type="text/css" href="../../../highlighter/efatmarker.css"/>
<style>
  #efm-button {margin:0 0 4px 0;padding:0 0 0 30px;position:fixed;height:48px;width:52px;bottom:0;right:0;background:transparent url(../../../highlighter/kedit-2.png) no-repeat bottom right;cursor:pointer;opacity:0.4;z-index:99999999999}
  #efm-button:hover {opacity:1}
  #efm-button #efm-menu {margin:0 0 52px 0;border:1px outset gray;padding:0;display:none;background:#eee;position:fixed;bottom:0;right:0;width:20em;opacity:1;cursor:auto}
  #efm-button:hover #efm-menu {display:block;font-size:smaller;color:#999}
  #efm-button #efm-menu p {margin:0;padding:0 3px}
  #efm-button #efm-menu a {margin:1px;padding:3px 3px;display:block;font:12px sans-serif;white-space:nowrap;opacity:inherit;cursor:pointer}
  #efm-button #efm-menu a:hover {color:black;background-color:white;opacity:1}
  #efm-button #efm-menu a > span {color:gray;position:absolute;right:4px}
  .efm-hi {background-color:#ff8;font-weight:normal;}
</style>

</head>

<body>
  <div id="main">
    <div class="content">
      <div class="leak-header">
        <div class="title-area">
          <h1 class="leak-title">Vault 7: Projects</h1>
          <img src="../../../logo@400.png"/>
        </div>
        <div>
          <p>This publication series is about specific projects related to the
          <a href="https://wikileaks.org/ciav7p1/">Vault 7</a> main publication.</p>
        </div>
      </div>
      
  <div class="document">
    <div class="leak-content">
    <div class="banner">
    <div class="title">
      
        <h3><a href="../../../releases/#AfterMidnight">AfterMidnight</a></h3>
      
      <h1>Assassin v1.3 Users Guide</h1>
      <div class="extra-information">
        
      </div>
      <div class="date">
        11 June, 2013
      </div>
      
    </div>
  </div>


    <div class="summary">
      
    </div>
    
    <div class="efm-target">
    <div id="uniquer"><div id="pf20" data-page-no="20">
      <p>SECRET//ORCON//NOFORN</p>
      <h2>7.3.1 Beacon Transaction</h2>
      <p>The majority of Implant-Listening Post communications occur during beacon events. The beacon transaction is composed of six stages:</p>
      <ol>
        <li>
          <p><strong>Decide to Beacon</strong></p>
          <p>The Implant decides if it should perform a beacon transaction. Two conditions must be met before the Implant will attempt to beacon.</p>
          <ul>
            <li>Beacon Interval seconds have elapsed since the last beacon transaction.</li>
            <li>Target machine passes the ‘Process Check’, which is described below.</li>
          </ul>
        </li>
        <li>
          <p><strong>Beacon</strong></p>
          <p>The Implant sends a beacon to the Listening Post, initiating the transaction. The beacon includes information about the state of the Implant, including:</p>
          <ul>
            <li>ID of the Implant</li>
            <li>Current Time on the target machine</li>
            <li>Time when the Implant last started execution</li>
            <li>Time when the Implant is scheduled to uninstall, if scheduled</li>
            <li>Index of Transport used to conduct current beacon</li>
          </ul>
        </li>
        <li>
          <p><strong>Download Tasking</strong></p>
          <p>The Implant downloads a Tasking file, if any are available, from the Listening Post. The file is saved in the <code>input directory</code> with a random name between five and twenty-five alphanumeric characters.</p>
        </li>
        <li>
          <p><strong>Execute Tasking</strong></p>
          <p>The Implant executes any tasking files it finds in the <code>‘input’</code> directory. Results are generated, prepared for upload, and saved in the upload queue. The results of task execution do not affect the success/failure of the beacon.</p>
        </li>
        <li>
          <p><strong>Upload Results</strong></p>
          <p>The Implant uploads files to the Listening Post from the upload queue. The Implant will continue to upload files until the upload limit is met or the upload queue is exhausted.</p>
        </li>
        <li>
          <p><strong>Update Beacon Interval</strong></p>
          <p>The Implant calculates the duration of the next beacon interval based on the success or failure of the current beacon’s communications.</p>
        </li>
      </ol>
      <p>32</p>
      <p>SECRET//ORCON//NOFORN</p>
    </div>
</div>
    </div>
  
  </div>
  <script type="text/javascript" src="../../../highlighter/mootools-core-and-more.js"></script>
<script type="text/javascript" src="../../../highlighter/efatmarker.min.js"></script>
<div id="efm-button">
<div id="efm-menu">
    <h3 style="margin:0 0 2px 0">e-Highlighter</h3>
    <a id="efm-permalink" class="efm-need-highlight" href="" style="margin-bottom:0;padding-bottom:0;"></a>
    <p style="margin-top:0;padding-top:0" class="efm-need-highlight">Click to send permalink to address bar, or right-click to copy permalink.</p>
    <p style="margin:0.5em 0;padding:0;border-top:1px dotted #ccc;height:1px"></p>
    <a id="efm-unhighlightall" class="efm-need-highlight">Un-highlight all</a>
    <a id="efm-unhighlight">Un-highlight selection<span>u</span></a>
    <a id="efm-highlight">Highlight selection<span>h</span></a>
    </div>
</div>
<script type="text/javascript">

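(function(){
/*
 * Wires the e-Highlighter menu (#efm-button and its links) to an EFatMarker
 * instance that operates on the document text inside #uniquer.
 * Runs once, on MooTools' 'domready' event. Does nothing when the
 * #efm-button element is not present on the page.
 */
window.addEvent('domready', function(){

    var markerButton = $('efm-button');
    if ( !markerButton ) {
        return;
    }

    // The original assigned `eMarker` without `var`, creating an implicit
    // global. The global is kept (other scripts may rely on it) but is now
    // created explicitly, so the code also works under strict mode.
    var marker = window.eMarker = new EFatMarker($('uniquer'));

    // Apply whatever highlight token is already there.
    // NOTE(review): where the token comes from is not visible in this file,
    // presumably the page URL. If so it is externally controlled input:
    // confirm EFatMarker only uses it to select text ranges and never writes
    // it into the DOM as markup.
    marker.tokenToSpans();

    // All handlers act on mousedown (not click), or else the text selection
    // disappears before it can be read. Returning false stops the event.
    markerButton.addEvent('mousedown', function(){
        marker.interpretSelection(true);
        return false;
    });
    $('efm-unhighlightall').addEvent('mousedown', function(){
        marker.unhighlightAll(true);
        return false;
    });
    $('efm-unhighlight').addEvent('mousedown', function(){
        marker.unhighlightSelection(true);
        return false;
    });
    $('efm-highlight').addEvent('mousedown', function(){
        marker.highlightSelection(true);
        return false;
    });
    $('efm-permalink').addEvent('mousedown', function(){
        // NOTE(review): this.href is whatever is currently set on
        // #efm-permalink (empty in the static markup, presumably filled in
        // by EFatMarker). Confirm it can only ever be a permalink to this
        // page before navigating to it.
        window.location.href = this.href;
        return false;
    });

    // If MooTools Keyboard is available, use it for the 'h' / 'u' shortcuts.
    // The lookup goes through `window` because a bare `Keyboard` reference
    // throws a ReferenceError when the class is not loaded, which would abort
    // this handler before syncDOM() and the auto-scroll below.
    if (window.Keyboard) {
        var keyboard = new window.Keyboard({
            defaultEventType: 'keyup',
            events: {
                'h': function(){
                    marker.highlightSelection(true);
                },
                'u': function(){
                    marker.unhighlightSelection(true);
                }
            }
        });
        keyboard.activate();
    }

    marker.syncDOM();

    // Auto-scroll to the first highlight, if any (100px above it).
    if (marker.hasSpans()) {
        var scroll = new Fx.Scroll(window, {offset: {'x': 0, 'y': -100}}),
            highlights = $$('#uniquer .efm-hi');
        if (highlights.length > 0) {
            scroll.toElement(highlights[0]);
        }
    }
});
})();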
</script>
    <div class="leak-sidebar">
    <h2>Downloads</h2>
  <div class="sidebar-section">
    <a href="../../../document/Assassin_v1_3_Users_Guide/Assassin_v1_3_Users_Guide.pdf">
      <img src="../../../img/pdf.png?h=638758a1"/>
      Assassin_v1_3_Users_Guide.pdf
    </a>
  </div>

    
  <div class="sidebar-section">
  
  </div>
  </div>
  </div>

    </div>
  </div>

  
  
</body>
</html>
