Vault 7 Leaks: CIA Hacking Tool “CouchPotato” Remotely Captures Videos & Images - WikiLeaks

WikiLeaks has revealed a new CIA document describing a remote hacking tool called “CouchPotato”, which captures and collects video streams in RTSP/H.264 format and can also capture individual image frames.

A few days earlier, WikiLeaks revealed a new CIA cyber weapon called “Dumbo”, developed with sophisticated functionality to hack webcams and corrupt video recordings.

CouchPotato can also capture image frames that differ significantly from a previously captured frame.


CouchPotato uses the FFmpeg software for image encoding and decoding and for RTSP connectivity.

The Real Time Streaming Protocol (RTSP) is a network control protocol designed for use in entertainment and communications systems to control streaming media servers. The protocol is used for establishing and controlling media sessions between end points.

FFmpeg has been built into CouchPotato in a way that minimizes the size of the DLL by removing unnecessary audio and video codec features.


How Does CouchPotato Work

First, the CouchPotato handler needs to be started before launching an instance of a CouchPotato ICE DLL through a compatible loader.

The cp_handler.py script should be executed in a new shell in order to start the handler, and the script should be started on the same host as the C2 loader.

Example: $ cp_handler.py -o out_data

The -o argument gives the path to a directory to write output to; all files are written to this directory.

Several arguments are used in the CouchPotato ICE DLL invocation.

-i [RTSP url] - This argument specifies the video source input, for example rtsp://10.3.2.1:8854/IPCameraStream.

-vcodec copy - Directs the decoder to “copy” the video data from the stream. For use when collecting video files only.

-acodec copy - Directs the decoder to “copy” the audio data from the stream. For use when collecting video files only.

-an - Directs the decoder to ignore audio data from the stream. For use when collecting video files only.

-f [output file format] [output path] - The only currently supported options are avi and image2. The output path should always be “-” (as in a STDOUT pipe).

Example argument strings:

-i rtsp://10.3.2.52:8554/Cam -f image2 -
-i rtsp://10.3.2.52:8554/Cam -t 300 -vcodec copy -an -f avi -
-i rtsp://10.3.2.52:8554/Cam -t 300 -vcodec copy -acodec copy -f avi -

To capture image frames of significant change, start the CouchPotato handler and then pass -f image2 - as the output format argument.

The collected images are written to the root of the directory that was passed to the CouchPotato handler script.

To capture video frames of significant change, start the CouchPotato handler and then pass -vcodec copy -an -f avi - as the output format argument.

The collected videos are written to the root of the directory that was passed to the CouchPotato handler script.

To capture video and audio frames of significant change, start the CouchPotato handler and then pass -vcodec copy -acodec copy -f avi - as the output format argument.

The collected video and audio are written to the root of the directory that was passed to the CouchPotato handler script.
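As an added example (not code from the leaked document or from this article), the following Python function parses ICE DLL argument strings of the form listed above and classifies which of the three collection modes each one requests, the kind of triage a responder would do on a recovered loader configuration. The sample strings are the ones from this article; the function names and the dash normalisation are my own assumptions.

```python
import shlex
from urllib.parse import urlparse

# Constructed samples: the three argument strings listed in the leaked guide
# (image frames only, video only, video plus audio).
SAMPLE_ARGS = [
    "-i rtsp://10.3.2.52:8554/Cam -f image2 -",
    "-i rtsp://10.3.2.52:8554/Cam -t 300 -vcodec copy -an -f avi -",
    "-i rtsp://10.3.2.52:8554/Cam -t 300 -vcodec copy -acodec copy -f avi -",
]

def parse_couchpotato_args(argstr):
    """Parse one ICE DLL argument string into a dict, or None if malformed."""
    # Normalise en/em dashes to '-': strings copied from documents often carry them.
    tokens = shlex.split(argstr.replace("\u2013", "-").replace("\u2014", "-"))
    spec = {"source": None, "format": None, "output": None,
            "duration": None, "video": None, "audio": None}
    i = 0
    while i < len(tokens):
        tok, rest = tokens[i], tokens[i + 1:]
        if tok == "-i" and rest:
            spec["source"], i = rest[0], i + 2
        elif tok == "-t" and rest and rest[0].isdigit():
            spec["duration"], i = int(rest[0]), i + 2
        elif tok == "-vcodec" and rest:
            spec["video"], i = rest[0], i + 2
        elif tok == "-acodec" and rest:
            spec["audio"], i = rest[0], i + 2
        elif tok == "-an":
            spec["audio"], i = "none", i + 1
        elif tok == "-f" and len(rest) >= 2:
            spec["format"], spec["output"], i = rest[0], rest[1], i + 3
        else:
            return None                       # unknown flag or missing operand
    # Constraints stated in the guide: RTSP source, avi/image2, output to STDOUT.
    if spec["source"] is None or urlparse(spec["source"]).scheme != "rtsp":
        return None
    if spec["format"] not in ("avi", "image2") or spec["output"] != "-":
        return None
    if spec["format"] == "image2":
        spec["mode"] = "image frames"
    else:
        spec["mode"] = "video and audio" if spec["audio"] == "copy" else "video only"
    return spec

def summarize(argstrings):
    """Collection mode per argument string ('invalid' if malformed)."""
    specs = [parse_couchpotato_args(a) for a in argstrings]
    return [s["mode"] if s else "invalid" for s in specs]
```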

Previous CIA Tools Leaked by WikiLeaks

Dumbo - Vault 7 Leaks: CIA Cyber Weapon “Dumbo” Hacks WebCams & Corrupts Video Recordings - WikiLeaks

Achilles, Aeris, SeaPea - Vault 7 Leaks: CIA Hacking Tools “Achilles, Aeris, SeaPea” Revealed to Hack Mac and Linux OS - WikiLeaks

Raytheon – Vault 7 Leaks : CIA Owned PoC Malware Development Surveillance Projects “UCL Under Raytheon” Leaked – WikiLeaks

HighRise - Vault 7 Leaks: CIA Android Hacking Tool “HighRise” Steals Data From Compromised Android Phones via SMS - WikiLeaks

Gyrfalcon –  Vault 7 Leaks: CIA Cyber Weapon “BothanSpy” and “Gyrfalcon” Steals SSH Credentials From Windows and Linux Computers – WikiLeaks

OutlawCountry – Vault 7 Leaks: CIA Malware “OutlawCountry” Controls Linux Machine and Redirect the Victims Traffic into CIA Controlled Machine – WikiLeaks

ELSA – Vault 7 Leaks: CIA Malware “ELSA” Tracking Geo-Location of WiFi Enabled Windows Computers – WikiLeaks

Brutal Kangaroo – CIA Hacking Tool “Brutal Kangaroo” Revealed to Hack Air-Gapped Networks by using USB Thumb Drives -WikiLeaks

CherryBlossom –  Wikileaks Revealed New CIA Wireless Hacking Tool “Cherry Blossom” Compromise Your Wireless Network Devices using MITM Attack

Pandemic –  New CIA Cyberweapon Malware “Pandemic” installed in Victims Machine and Replaced Target files where remote users use SMB to Download