Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
SECRET//NOFORN
SECRET//NOFORN
IOC ERB:
9
IV&V Observations (cont.)
Observation 4:
Context: On Windows Vista, SP2, 32-bit OS with Kaspersky
Internet Security at default and high settings, two events are
captured in the log file:
First: Log displayed the actual name of the executable and is
classified by Kaspersky as a ‘Low Restricted Object’ that was
heuristically calculated
Second: Log highlighted that the executable used program
interfaces of other applications
Impact: Unauthorized activity on the target may be discovered
Workaround/Recommendation: Update the User Manual to note
this behavior