Home Hacks Vault 7 Leaks: CIA Hacking Tool “CouchPotato” Remotely Capture Videos &...

Hacks

Vault 7 Leaks: CIA Hacking Tool “CouchPotato” Remotely Capture Videos & Images -WikiLeaks

August 10, 2017

Wikileaks revealed a new CIA Document of Remote hacking tool called “CouchPotato” Capture and collecting videos Steaming in RTSP/H.264 formats and also ability to capture the image of Frame.

Few day Before WikiLeaks Revealed New CIA Cyber Weapon called “Dumbo” that has been developed with Sophisticated functionality to hacking Webcams and Corrupt Video Recordings

it can so capture the images of frame that are of significant change from a previously captured frame.

FFmpeg software has been utilized by CouchPotato for image Encoding and decoding and RTSP connectivity.

The Real Time Streaming Protocol (RTSP) is a network control protocol designed for use in entertainment and communications systems to control streaming media servers. The protocol is used for establishing and controlling media sessions between end points.

FFmpeg has built with CouchPotato that helps to Minimize the size of DLL by removing unnecessary features of audio and video codecs.

Also Read Fileless malware that uses PowerShell scripts from Window’s registry leading to Click Fraud Malware Campaign

How Does CouchPotato Works

Initially, Handler of the CouchPotato need to be started before launching an instance of a CouchPotato ICE DLL through a compatible loader.

cp_handler.py Script should be executed in new shell in order the start the handler and script should be started on the same host as the C2 loader

Example: $ cp_handler.py –o out_data

–o argument for the path to a directory to write its output and all the File are Written in this Directory.

There are several arguments used in CouchPotato to the ICE DLL invocation.

-i [RTSP url] – This argument used to find the Video Source input for Example rtsp://10.3.2.1:8854/IPCameraStream .

-vcodec copy – Directs the decoder to “copy” the video data fromthe stream. For use when collecting video files only.

-acodec copy – Directs the decoder to “copy” the audio data from the stream.For use when collecting video files only

-an – Directs the decoder to ignore audio data from the stream.For use when collecting video files only

-f [output file format] [output path] – The only currently supported options are avi and image2.The output path should always be “-“ (as in a STDOUT pipe)

Example argument strings:

-i rtsp://10.3.2.52:8554/Cam –f image2 –
-i rtsp://10.3.2.52:8554/Cam –t 300 –vcodec copy –an –f avi –
-i rtsp://10.3.2.52:8554/Cam –t 300 –vcodec copy –acodec copy
–f avi –

Capturing image frames of significant change , once Start the CouchPotato handler –f image2 – used as output format argument.

Finally The collected images are written to the root of the directory that was passed to the CouchPotato handler script.

Capturing Video frames of significant change , once Start the CouchPotato handler then –vcodec copy –an -f avi – used as output format argument.

Finally The collected Videos are written to the root of the directory that was passed to the CouchPotato handler script.

Capturing Video and audio frames of significant change , once Start the CouchPotato handler then –vcodec copy –acodec copy -f avi –used as output format argument.

The collected Video and audio are written to the root of the directory that was passed to the CouchPotato handler script.