Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
SECRET//NOFORN
• Local Path
    o If applicable, local path of the arbitrary payload
• Drop Name
    o If applicable, the drop name and location of the payload on target
• Command line arguments
    o If applicable, command line arguments to the payload
• Max runs
    o Maximum number of times the payload should execute
• Needs Admin
    o Only execute the payload if running as admin
• Internet Drop
    o Whether to execute payload if internet is detected
• Bitness Drop
    o Drop payload dependent on system bitness
• Execution method – See section 4.4 for more information
    o RunDll32
    o Load Library from Disk
    o Inject Fire and Forget From Memory
    o Launch EXE from Disk
    o Load Fire and Collect from Memory (BK module)
    o Drop Payload from Disk
• Blacklist
    o Processes that, if detected, prevent the payload from executing