Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

SECRET//20350629
ESET Smart Security: Data not collected! (default and high settings)
  On Windows XP, SP3, 32-bit:
    Web information, system information and network data were not collected.
    The executable process ran for 15 minutes and the process did not terminate.
Kaspersky ISS 2013: Alerts will pop up! On Windows 7 SP1, 32 & 64-bit, there are two popup alerts upon EZCheese execution: one stating “Using program interfaces of other applications”, and one highlighting a file EZCheese is trying to read for its file collection. This particular file was located in the Kaspersky system directory, so the popup alert message shows access to it as denied. All activity was logged, and all files accessed by EZCheese collection were logged. (Alerts are only displayed on high settings, but all activity was also logged on default settings.)
Kaspersky Internet Security: Events logged! (default and high settings)
  On Windows XP, SP3, 32-bit OS, four events are captured in the log file:
    First: Log displayed the actual name of the executable, which was classified by Kaspersky as a ‘Low Restricted Object’ that was heuristically calculated.
    Second: Log indicated that the executable accessed critical system objects.
    Third: Log highlighted that the executable used program interfaces of other applications.
    Fourth: Log indicated that the executable opened a service to write data.
  On Windows Vista, SP2, 32-bit OS, two events are captured in the log file:
    First: Log displayed the actual name of the executable, which was classified by Kaspersky as a ‘Low Restricted Object’ that was heuristically calculated.
    Second: Log highlighted that the executable used program interfaces of other applications.
  On Windows Vista SP2, 64-bit OS, seven events are captured in the log file:
    First: Log showed the actual name of the executable, which was classified by Kaspersky as a ‘Low Restricted Object’.
    The remaining six log events displayed the name of the executable and the path to the Google Chrome browser’s cache file. These log events presented a link between the executable and the browser’s cache file.
    EZCheese was still able to collect browser data.
Norton ISS 2013: System Freeze! (default and high settings) On Windows 7 SP1 32 & 64-bit, the entire system will freeze for 4 to 12 seconds upon EZCheese execution. Movement of the mouse is possible but no other actions are successful.