Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

SECRET//NOFORN
o Uses the autorun.inf to gain execution as soon as the thumbdrive is
inserted into the target machine
o Link files do not need to be viewed to gain execution
o User has the option of configuring and x86 and x64 DLL that is executed
when the thumbdrive when the autorun.inf is launched
o Requires the drive letter that thumbdrive will be mounted on to be
configured in the link file
o This execution vector is supported for target machines running Windows 7
only
RiverJack LinkFiles (Okabi Links)
o Uses the library-ms functionality to gain execution.
o Link files do not need to be viewed to gain execution and can be marked
with the hidden and system attributes. The library junction must be
viewable.
o Execution will not occur until library junction is viewed in Explorer.
o This execution vector is supported for target machines running Windows
7, 8, and 8.1.
4.2.2 (U) Deployment Configuration
Figure 2: (U) drifting Deadline v1.1 – Deployment
SECRET//NOFORN
4

e-Highlighter

Click to send permalink to address bar, or right-click to copy permalink.

Un-highlight all Un-highlight selectionu Highlight selectionh