Vault 7: Projects
This publication series is about specific projects related to the Vault 7 main publication.
Dumbo User Guide SECRET//X1
Dumbo User Guide
1.0 (S) Introduction
(S) Dumbo runs on a target that we have physical access, attempts to disable all network
adapters, and terminates specified processes.
1.1 (S) Requirement
(S) The Intelligence Community has identified the need (requirement # 2012-0527) for a
capability to quickly terminate potential processes utilizing webcams that could compromise a
PAG deployment.
1.2 (S) Purpose
(S) This User Guide describes how to use Dumbo v1.0. The document provides the Dumbo
configuration process and the installation process.
2.0 (S) System Overview
• (S) Configuration
o (S) The configuration for the tool is entirely from the command-line program
ConfigureProcesses. The usage is:
ConfigureProcesses -v executable (To read current configuration of exe)
ConfigureProcesses -e executable -f config_file (To write resources from a
config file to the executable)
ConfigureProcesses -e executable -p List Of Processes (To write resources
from the command line to the executable)
o Note that the process names are entered into a text document, separated by row:
Skype.exe
WebCamSoftware.exe
OtherProcess.exe
o The process name must be exactly as is displayed by task manager (*32 does not
matter as this designates 32-bit processes on 64-bit machines)
• (S) Installation Execution
o (S) Once configured, simply execute the configured tool on a target machine directly
from a USB thumb drive. The application will require administrator privileges; It will
immediately display a message box with a quick summary detailing whether or not all
network adapters were disabled and if any processes failed to terminate.
SECRET//X1
1
Dumbo-v1_0-User_Guide_2012-05-24.pdf