Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
payload can also conduct a survey, or collect files based on the configurations set
by Emotional_Simian_Config.exe.
6. Collection: If DllPayload(64).dll does file collection and/or a system survey then
the files will be chunked up and written back to the covert partition that exists on
the thumb drive.
7. Unload: When the thumb drive returns to the primary host, ES Server(64).exe
will pull any collected files off the covert partition and store them as hidden
system files on the Primary Host hard drive (The data is then deleted from the
covert partition).
8. Retrieval: The operator will then pull the desired files from the Primary Host and
place them on the Base End for post processing.
9. Post Process: PostProcess.exe decrypts, decompresses, and stitches the collected
files back together. The recreated files will be dumped into the desired location.
4.2 Configuring Emotional Simian
Emotional_Simian_Config.exe must be run on XP SP3 or later, preferably on Windows 7.
Emotional_Simian_Config.exe will generate:
ES Server.exe and ES Server.cfg files to be installed on the Primary Host.
An XML file of all the configurations from the configuration tool along with the
public private keys.
NOTE: DO NOT LOSE THE PRIVATE KEY! IF THIS IS LOST, THEN WE WILL
BE UNABLE TO DECRYPT ANY COLLECTED FILES.
8
SECRET//X1
CL BY: 2397517
REASON: 1.4(c)
DECL: 20361019
DRV: COL S-06