Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

SECRET//NOFORN
Pique Analysis Report
20150807-251-Symantec-ZeroAccess Indepth
Raytheon Blackbird Technologies, Inc. 2 07 August 2015
Use or disclosure of data contained on this sheet is subject to the restrictions on the title page of this document.
3.0 (U) Identification of Affected Applications
(S//NF) Windows and anti-virus applications.
4.0 (U) Related Techniques
(S//NF) Anti-anti-virus.
5.0 (U) Configurable Parameters
(S//NF) Varied depending on anti-virus product targeted.
6.0 (U) Exploitation Method and Vectors
(S//NF) No exploitation methods or attack vectors were discussed in this report.
7.0 (U) Caveats
(U) None.
8.0 (U) Risks
(S//NF) The risk associated with the development of the anti-anti-virus PoC is assessed to be
moderate due to technical complexity. We estimate that the PoC will require two FTE weeks to
complete.
9.0 (U) Recommendations
(S//NF) We recommend that the ZeroAccess technique of identifying anti-virus products
(triggering on high registry key access processes) be developed as a PoC.
