Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

SECRET//NOFORN
IOC ERB:
IV&V Observations (cont.)
Observation 3:
Context: On Windows XP, SP3, 32-bit OS with Kaspersky Internet Security at default and high settings, four events are captured in the log file:
First: Log displayed actual name of the executable, which was classified by Kaspersky as a ‘Low Restricted Object’ that was heuristically calculated
Second: Log indicated that the executable accessed critical system objects
Third: Log highlighted that the executable used program interfaces of other applications
Fourth: Log indicated that the executable opened a service to write data
Impact: Unauthorized activity on the target may be discovered
Workaround/Recommendation: Update the User Manual to note this behavior
