RickyBobby 4.0

RickyBobby 4.0


A lightweight implant targeting computers running newer versions of Microsoft Windows and Windows Server. Developed by the CIA’s Operational Support Branch (OSB).

The RickyBobby implant enables Computer Operations Group (COG) operators to upload and download files and execute commands and executables on the target computer without detection as malicious software by personal security products (PSPs).

RickyBobby 4.0 improves upon previous versions of RickyBobby by being easier to install, task using the Listening Post (LP), and manage multiple implant installations.

RickyBobby 4.0 is comprised of several .NET DLLs and a Windows PowerShell script. RickyBobby uses Windows PowerShell to download and dynamically execute the .NET DLLs in memory. OSB chose Windows PowerShell as the execution vector because it is installed by default on all Microsoft’s operating systems since Windows Vista and it runs as trusted, Microsoft-signed process. RickyBobby 4.0 can be installed remotely or with physical access to the target computers using batch files.

What/Who is Cal?

Simply put, Cal is RickyBobby's best friend: SHAKE N BAKE!

Cal is a python/cython Django Framework project that operates as the Listening Post for RickyBobby.

(source: Wikileaks - Vault 7 - https://wikileaks.org/ciav7p1/cms/page_15728810.html)

Products sold by OpenVault are for entertainment and educational purposes only. Customer’s are purchasing a physical copy of digital artwork (Software box).

Add To Cart