ASSASSIN v1.2 USER GUIDE - WikiLeaks...SECRET//ORCON//NOFORN 1 Concept of Operations Assassin is a stage one automated Implant that provides a simple collection platform on remote

SECRET//ORCON//NOFORN ASSASSIN v1.2 USER GUIDE March 2012 APPENDIX A:OVERVIEW.......................................................................... 3 1CONCEPT OF OPERATIONS..................................................................... 4 2SYSTEM COMPONENTS.......................................................................... 5 2.1IMPLANT EXECUTABLES...................................................................... 6 2.2DEPLOYMENT EXECUTABLES............................................................... 7 2.3BUILDER............................................................................................ 8 2.4TASKER............................................................................................. 9 2.5POST PROCESSOR............................................................................ 10 2.6COLLIDE HANDLERS......................................................................... 11 3SYSTEM REQUIREMENTS...................................................................... 12 3.1PYTHON.......................................................................................... 13 3.2COLLIDE.......................................................................................... 14 APPENDIX B:ASSASSIN IMPLANT............................................................ 15 1IMPLANT EXECUTABLE USAGE.............................................................. 16 1.1IMPLANT DLL................................................................................... 17 APPENDIX C:RUNNING VIA DLLMAIN...................................................... 18 APPENDIX D:RUNNING VIA GH1............................................................. 19 APPENDIX E:RUNNING VIA RUNDLL32.................................................... 20 1.1IMPLANT SERVICE DLL...................................................................... 21 APPENDIX F:RUNNING VIA RUNDLL32.................................................... 22 APPENDIX G:RUNNING VIA SERVICEMAIN............................................... 23 1.1IMPLANT EXE .................................................................................. 24 2IMPLANT IDENTIFICATION.................................................................... 25 3BEACON............................................................................................. 26 3.1BEACON TRANSACTION..................................................................... 27 3.2BEACON TIMING............................................................................... 28 3.3PROCESS CHECK.............................................................................. 29 CL BY: 2355679 CL REASON: Section 1.5(c),(e) DECL ON: 20351003 DRV FRM: COL 6-03 SECRET//ORCON//NOFORN

Documents

ASSASSIN v1.2 USER GUIDE - WikiLeaks...SECRET//ORCON//NOFORN 1 Concept of Operations Assassin is a stage one automated Implant that provides a simple collection platform on remote