Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

SECRET//NOFORN
Local Path
o If applicable, local path of the arbitrary payload
Drop Name
o If applicable, the drop name and location of the payload on target
Command line arguments
o If applicable, command line arguments to the payload
Max runs
o Maximum times the payload should execute
Needs Admin
o Only execute the payload if admin
Internet Drop
o Whether to execute payload if internet is detected
Bitness Drop
o Drop payload dependent on system bitness
Execution method – See section 4.4 for more information
o RunDll32
o Load Library from Disk
o Inject Fire and Forget From Memory
o Launch EXE from Disk
o Load Fire and Collect from Memory (BK module)
o Drop Payload from Disk
Blacklist
o Blacklist processes, that if detected, prevent the payload from executing
SECRET//NOFORN
7

e-Highlighter

Click to send permalink to address bar, or right-click to copy permalink.

Un-highlight all Un-highlight selectionu Highlight selectionh