Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

SECRET//20350629
(U) Appendix A: System Footprint
(S) The following files are added to the operational flash drive:
File Size MD5 Hash
Exe file varies varies
Dll file varies varies
Link file varies varies
Note: Due to configurability, the size and MD5 hash of any configured file will vary.
(U) Appendix B: PSP Findings
(S) For full PSP findings, please consult the IV&V slides that were delivered with
EZCheese 6.3 (EZCheese v6.3_IVV TDR Slides_XXXX.pptx). Here is a brief summary:
Avast Internet Security: Alerts will pop up! (default and high settings) On
Windows XP, SP3, 32-bit; Windows Vista, SP2, 32-bit; or Windows Vista, SP2,
64-bit:
Two alert pop-up windows appeared.
After analysis, Avast determined that the executable was not malware but
the executable was sandboxed.
Only the file collection and payload drop actions were performed by the
tool.
BitDefender Total Security: Alerts will pop up!
(high settings) On Windows XP, SP3, 32-bit or Windows 7, SP1, 32-bit:
(default and high settings ) On Windows Vista, SP2, 64-bit OS:
An alert pop-up window immediately appeared, which stated ‘Active
Virus Control has detected and blocked a potentially malicious
application’.
The executable process failed to run, hence the payload was not dropped.
This alert is recorded in the log file.
EZCheese did return survey and file collection data.
SECRET//20350629
16

e-Highlighter

Click to send permalink to address bar, or right-click to copy permalink.

Un-highlight all Un-highlight selectionu Highlight selectionh