Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
5. Drop if 32/64 bit: Self-explanatory.
6. Create Folder Structure: If checked, DllPayload(64).dll will create the folder
structure defined in Full path of payload executable on target on the secondary
host.
7. Need System Rights: Payload needs System (not Admin) rights.
8. OverWrite Files: If checked, the payload will replace a file of the same name.
9. Max Runs: The max number of times the payload can drop. The number of runs
is stored as the creation time of DllPayload(64).dll. If DllPayload(64).dll cannot
modify the creation time it will not drop and run the payload. This prevents
DllPayload(64).dll from working from a CD or write-blocker. Note: When
dropping both 64 bit and 32 bit DLLs, the total includes BOTH.
10. Full path of payload executable: Location and name of the payload.
11. Full path of payload executable on target: Path and name of where the payload
will be created on the secondary host. Payloads will not be overwritten unless the
OverWrite Files control is checked. Existing (non over-written) payloads will not
be executed.
12. Payload Arguments: Arguments that will be fed into the payload at run time.
13. Run Payload as: Select how to run the payload.
Just Drop: Self-explanatory.
Create Process: Execute .exe payload.
Shell Execute: Execute .exe payload using a command shell.
Load Library: Load .dll payload into DllPayload(64) process.
Rundll32.exe: Run .dll payload as its own process from Rundll32.exe.
14
SECRET//X1
CL BY: 2397517
REASON: 1.4(c)
DECL: 20361019
DRV: COL S-06