Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
SECRET//NOFORN
Pique Analysis Report
20150828-268-CSIT-15078-Skipper
Raytheon Blackbird Technologies, Inc. 28 August 2015
Use or disclosure of data contained on this sheet is subject to the restrictions on the title page of this document.
2.0 (U) Description of the Technique
(S//NF) The PoC recommended is a novel persistence technique that modifies the victim’s
desktop shortcuts to point to the malware plus the original shortcut’s target.
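A defender's view of the technique described in 2.0, as an added example that is not part of the original report: a PowerShell audit that resolves each desktop shortcut and flags traits consistent with a shortcut repointed at one program that then starts another. The launcher list, path patterns and heuristics are assumptions chosen for illustration.

```powershell
# Added example: audit desktop shortcuts for signs of target hijacking.
# All heuristics below are illustrative assumptions, not taken from the report.

# Programs able to start a second program from their arguments (assumed list).
$launchers = 'cmd.exe','powershell.exe','pwsh.exe','wscript.exe','cscript.exe',
             'mshta.exe','rundll32.exe','regsvr32.exe'

# Current user's desktop plus the shared (all users) desktop.
$desktops = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('CommonDesktopDirectory')
) | Where-Object { $_ -and (Test-Path $_) }

$shell = New-Object -ComObject WScript.Shell

$findings = foreach ($lnk in Get-ChildItem -Path $desktops -Filter *.lnk -File) {
    $sc      = $shell.CreateShortcut($lnk.FullName)   # opens the existing .lnk
    $target  = $sc.TargetPath
    $argsStr = $sc.Arguments
    # IconLocation is "path,index"; expand %SystemRoot% style variables.
    $icon    = [Environment]::ExpandEnvironmentVariables(($sc.IconLocation -split ',')[0])
    $reasons = @()

    if ($target -and ($launchers -contains (Split-Path $target -Leaf))) {
        $reasons += 'target is a launcher or interpreter'
    }
    # A second program named in the arguments suggests a chained launch.
    if ($argsStr -match '(?i)\.(exe|dll|scr|bat|cmd|vbs|js|ps1)\b') {
        $reasons += 'arguments reference another executable or script'
    }
    # Icon taken from a different binary than the one that actually runs.
    if ($icon -and $target -and ($icon -ne $target) -and ($icon -match '(?i)\.exe$')) {
        $reasons += 'icon comes from a different executable than the target'
    }
    if ($target -match '(?i)\\(AppData|Temp|ProgramData|Users\\Public)\\') {
        $reasons += 'target is in a user-writable location'
    }

    if ($reasons) {
        [pscustomobject]@{
            Shortcut  = $lnk.FullName
            Target    = $target
            Arguments = $argsStr
            Icon      = $icon
            Modified  = $lnk.LastWriteTime
            Reasons   = $reasons -join '; '
        }
    }
}

$findings | Sort-Object Modified -Descending | Format-List
```

Per-user installers that legitimately live under AppData will match the last check, so treat the output as a review list and compare it against a known-good baseline of the same host.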
3.0 (U) Identification of Affected Applications
(U) Windows.
4.0 (U) Related Techniques
(S//NF) Persistence.
5.0 (U) Configurable Parameters
(U) None.
6.0 (U) Exploitation Method and Vectors
(S//NF) No exploitation methods were discussed. The attack vector mentioned is spear phishing
email campaigns with malicious document attachments.
7.0 (U) Caveats
(U) None.
8.0 (U) Risks
(S//NF) The risk associated with the development of the recommended PoC is low to moderate.
We estimate it will take roughly 1 FTE week to complete this PoC.
9.0 (U) Recommendations
(S//NF) We recommend the desktop shortcut hijack persistence technique be developed as a
PoC.