Vault 7's Grasshopper components table

in #wikileaks, 7 years ago (edited)

I decided to build this table to describe the many tools in Grasshopper more accessibly. Listed separately they can seem like a lot, but in reality almost all of these tools are only slight variations on one another, since they are meant to work in tandem. Perhaps the most unique and notable among them is Stolen Goods v2.1, which is clearly the most refined and sophisticated, in addition to its history of having been lifted from a Russian crimeware rootkit (Carberp).

Above is my own creative spin on the Grasshopper framework logo in light of recent developments.

Mobile readers may prefer the Reddit version of the table.

If you want more specifics on the exact locations of the "footprints" left behind by these tools, see my previous article: WikiLeaks Vault 7 part IV: Grasshopper and more research challenges!

| Component Name | Version | Persistence method / exploit | Payload types | Privilege level | Footprints |
|---|---|---|---|---|---|
| Bermuda | 1.0 | Windows Task Scheduler | EXE, DLL, GH1 | SYSTEM | Payload executable, payload directory, Task Manager process, task in Task Scheduler and hidden task file |
| Buffalo and Bamboo | 1.0 | netsvcs service host | EXE, DLL, GH1 | SYSTEM | Payload executable, payload directory, Microsoft Management Console service, a new registry key and a modified registry key |
| Crab | 1.0 | Modifies Windows Service registry | EXE, DLL, GH1 | SYSTEM | Payload executable, payload directory, Microsoft Management Console service, a new registry key and a modified registry key |
| NetMan | 1.0 | Windows Network Connections Manager Service | EXE, DLL, GH1 | SYSTEM | Payload executable, payload directory, Task Manager process and new registry key |
| ScheduledTask | 1.1 | Windows Task Scheduler 1.0 COM interface | EXE, DLL, GH1 | SYSTEM | Payload executable, payload directory, task stub executable, task stub directory and Scheduled Task XML |
| Scrub | 1.0 | Windows registry | EXE, DLL, GH1 | USER | Payload executable, payload directory, Task Manager process and new registry key |
| ServiceDLL | 1.3 | Windows Services | EXE, DLL, GH1 | SYSTEM | Service stub executable, service stub directory, payload executable, payload directory, unhijack executable, unhijack directory; creates and modifies multiple registry keys |
| ServiceProxy | 1.1 | Existing Windows Service DLL files | EXE, DLL, GH1 | SYSTEM | Service stub executable, service stub directory, payload executable, payload directory; creates a registry key and modifies multiple registry keys |
| Stolen Goods | 2.1 | Windows boot sequence and Windows drivers | DLL and Windows Driver (.sys) | SYSTEM | One encrypted file in the target's partitioned disk space, plus registry keys if it is using a driver payload |
| Wheat | 1.0 | Windows drivers | Windows Driver (.sys) | SYSTEM | Payload executable, payload directory; creates a registry key |
| WUPS | 1.0 | Windows Update Service | DLL and EXE | SYSTEM | Payload executable, payload directory, Task Manager process; creates a registry key and a non-critical error log entry in the Windows Update log |
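Every row in the table boils down to one of a handful of generic Windows persistence mechanisms (scheduled tasks, service and driver registrations, the netsvcs svchost group, user-level registry autoruns, the Windows Update service), so a defender can sweep all of them with one triage pass. The script below is an added example, not code from this post or from the leaked Grasshopper documentation. It walks those generic locations and flags binaries that are unsigned or live outside %SystemRoot%. It assumes Windows 8 / Server 2012 or later with PowerShell 5.1+, run elevated; the Run/RunOnce keys are my assumption for Scrub's "Windows registry" method, and the exact file and key names Grasshopper uses are not reproduced here (see the previous article), so review the output against the Footprints column by hand.

```powershell
# Added triage script: enumerate the generic Windows locations the table's
# persistence methods depend on. Not Grasshopper code; assumes PS 5.1+, elevated.

$findings = [System.Collections.Generic.List[object]]::new()
function Add-Finding([string]$Method, [string]$Item, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Method = $Method; Item = $Item; Detail = $Detail })
}

# Reduce a service ImagePath, ServiceDll or task action to an absolute path. Handles
# quoted paths, %VAR% expansion, the \??\ and \SystemRoot prefixes drivers use, and the
# relative 'System32\drivers\x.sys' form. Unquoted paths with spaces are a known gap.
function Get-ExePath([string]$Command) {
    if (-not $Command) { return $null }
    $p = if ($Command -match '^"([^"]+)"') { $Matches[1] } else { ($Command -split '\s+')[0] }
    $p = [Environment]::ExpandEnvironmentVariables($p) -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot
    if (-not [IO.Path]::IsPathRooted($p)) { $p = Join-Path $env:SystemRoot $p }
    return $p
}

# A dropped payload is usually outside the Windows directory, unsigned, or both.
# Returns a reason string when the file looks suspicious, otherwise $null.
function Get-SuspicionReason([string]$Path) {
    if (-not $Path -or -not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $null }
    if ($Path -notlike "$env:SystemRoot\*") { return 'outside %SystemRoot%' }
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    if ($sig.Status -ne 'Valid') { return "signature $($sig.Status)" }
    return $null
}

# 1. Task Scheduler (Bermuda, ScheduledTask): task definitions are XML files under
#    System32\Tasks. Diff the on-disk files (hidden ones included) against what the
#    scheduler API reports, flag tasks marked Hidden, and inspect each task's action.
$taskRoot   = Join-Path $env:SystemRoot 'System32\Tasks'
$tasks      = Get-ScheduledTask
$registered = $tasks | ForEach-Object { $_.TaskPath + $_.TaskName }
Get-ChildItem -LiteralPath $taskRoot -Recurse -File -Force | ForEach-Object {
    $rel = $_.FullName.Substring($taskRoot.Length)
    if ($rel -notin $registered) { Add-Finding 'Task Scheduler' $rel 'task file on disk not reported by the scheduler' }
}
foreach ($t in $tasks) {
    $name = $t.TaskPath + $t.TaskName
    if ($t.Settings.Hidden) { Add-Finding 'Task Scheduler' $name 'task is marked hidden' }
    foreach ($a in $t.Actions) {
        $exe = Get-ExePath $a.Execute
        $why = Get-SuspicionReason $exe
        if ($why) { Add-Finding 'Task Scheduler' $name "runs $exe ($why)" }
    }
}

# 2. Services and drivers (Buffalo/Bamboo, Crab, NetMan, ServiceDLL, ServiceProxy,
#    Wheat, Stolen Goods driver payloads): each key under CurrentControlSet\Services is
#    a standalone image, a driver (Type 1 or 2), or a DLL hosted by svchost.exe. For
#    svchost services check Parameters\ServiceDll; for the netsvcs group make sure
#    every listed name is backed by a ServiceDll at all.
$svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$netsvcs = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost').netsvcs
foreach ($k in Get-ChildItem -LiteralPath $svcRoot) {
    $name  = $k.PSChildName
    $props = Get-ItemProperty -LiteralPath $k.PSPath -ErrorAction SilentlyContinue
    $exe   = Get-ExePath $props.ImagePath
    if ($exe -like '*\svchost.exe') {
        $dll = (Get-ItemProperty -LiteralPath "$($k.PSPath)\Parameters" -ErrorAction SilentlyContinue).ServiceDll
        if ($dll) { $dll = Get-ExePath $dll }
        $why = Get-SuspicionReason $dll
        if ($why) { Add-Finding 'svchost ServiceDll' $name "ServiceDll = $dll ($why)" }
        if (($name -in $netsvcs) -and -not $dll) { Add-Finding 'netsvcs group' $name 'listed in netsvcs but has no ServiceDll' }
    } else {
        $why = Get-SuspicionReason $exe
        if ($why) {
            $kind = if (@(1, 2) -contains $props.Type) { 'Driver (.sys)' } else { 'Service executable' }
            Add-Finding $kind $name "ImagePath = $exe ($why)"
        }
    }
}

# 3. Registry autoruns (Scrub runs at USER privilege from "the Windows registry";
#    Run/RunOnce in HKCU and HKLM are assumed here as the user-level candidates).
foreach ($hive in 'HKCU', 'HKLM') {
    foreach ($key in 'Run', 'RunOnce') {
        $vals = Get-ItemProperty -LiteralPath "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\$key" -ErrorAction SilentlyContinue
        if (-not $vals) { continue }
        foreach ($p in $vals.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' }) {
            $exe = Get-ExePath ([string]$p.Value)
            $why = Get-SuspicionReason $exe
            if ($why) { Add-Finding "$hive $key" $p.Name "runs $exe ($why)" }
        }
    }
}

# 4. Windows Update log (WUPS leaves a non-critical error entry). On Windows 7/8 the
#    log is plain text at %SystemRoot%\WindowsUpdate.log; on Windows 10+ decode the ETL
#    traces with Get-WindowsUpdateLog first and point $wulog at the resulting file.
$wulog = Join-Path $env:SystemRoot 'WindowsUpdate.log'
if (Test-Path -LiteralPath $wulog) {
    Select-String -LiteralPath $wulog -Pattern 'WARNING|FATAL' | Select-Object -Last 20 |
        ForEach-Object { Add-Finding 'Windows Update log' "line $($_.LineNumber)" $_.Line.Trim() }
}

$findings | Sort-Object Method, Item | Format-Table -AutoSize -Wrap
```

Two caveats when reading the output: on older builds Get-AuthenticodeSignature can report catalog-signed Windows files as NotSigned, which is why the location check is reported separately from the signature check, and the task-file diff is only as good as the scheduler API on that host, so a task file present on disk but absent from Get-ScheduledTask is exactly the kind of hidden task the Bermuda row describes and deserves a manual look.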

If you like my work and wish to support my future projects and research, consider subscribing to my Patreon and receive additional perks for helping the cause!


There's never been a better time to learn linux, folks!

That or get familiar with Tails. While nothing is entirely perfect, these systems have a lot more security advantages than your standard Windows or Mac OSX distro.

Tails is linux

True, didn't realize it was a Debian distro. Thought it was something more like Risc. You pretty much can't beat the mighty penguin.
