Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
3. Drop 32 DLL: This configures the ES Server(64).exe to put down a 32 bit DLL
on the selected whitelisted thumb drive. Each whitelisted drive can uniquely name
the DLLs and lnk files. The only stipulation on the naming conventions is the link
files must be named .lnk (already done for you), and the dll must end with an
extension (It does not need to be .dll, but it has to have .something).
4. 32 bit lnk files: These link files are required to execute the ES DLL. If fields are
filled out but not checked the information will be saved in the XML file, but not
enabled in ES Setup.exe.
5. Drop 64 DLL: Same functionality as Drop 32 DLL for 64 bit DLL files.
6. 64 bit lnk files: Same functionality as 32 bit lnk files for 64 bit DLL files.
7. Infect Local Thumb drive: This button instantly infects a thumb drive that is
plugged into the system instead of running ES Server.exe. First, click the desired
‘Whitelisted Drives’ configuration and then click this button. The Pre and Post
Build executable/batch scripts will run with this button.
10
SECRET//X1
CL BY: 2397517
REASON: 1.4(c)
DECL: 20361019
DRV: COL S-06