Vault7: CIA Hacking Tools Revealed
Navigation: » Latest version
Owner: User #71467
HG v3.1.3-Adverse-01 Testing
HG was delivered for JQJADVERSE on 9/8/15 for the Cisco 3560G. Testing scope will include testing ROCEM v1.2 for ADVERSE, delivered to Test Range on 9/15/15, as well as testing HG Base functionality, DNSDomain Name System Checkin capability, SMITE and on-device OPSEC since this will be a persistent delivery.
CONOP will be
- Flux into network through three different hosts - first a webserver, then a DC, then to a host that is connected to an adjacent 2960 on a management subnet
- Trigger will be sent through flux, and CTCounter Terrorism session will be established back through flux initially
- An initial CTCounter Terrorism session will be established and DNSDomain Name System Checkin capability verified.
- Subsequent comms with HG will be via DNSDomain Name System checkin.
- DNS Checkin has been preconfigured with capability to execute SMITE
VMs Used
- Adverse-Flux1 - XX.XX.XXX.XX (IR-DATAK-20020718[IR])/192.168.0.21
- Adverse-Flux2 - 192.168.0.11
- Adverse-Flux3 - 192.168.221.40
- Adverse-ICON-Debian8 - 172.20.12.34
- Adverse-Proxy - XX.XX.XXX.X (IR-DATAK-20020718[IR])/192.168.0.4
- Adverse-Seeds - 192.168.211.10
- BIND-DNSCheckin-UbuntuServer - 4.4.4.3
Testing Summary
Testing Notes
Information about target:
- Hardware is 3560G-24
- Software is c3560-ipbase-mz.122-35.SE5
VMs Used:
- Adverse-ICON-Debian8 - 172.20.12.34
- Smoke Test