Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
SECRET//NOFORN
(S) This page allows you to configure the data transfer module(s) as well as the payloads.
(S) The data transfer methods define how data is collected back to the thumbdrive:
• Alternate Data Stream
  ◦ Writes data back to the alternate data streams of NTFS (hidden from view)
• GLYPH
  ◦ Writes data to a configured file on the drive
• PICTOGRAM
  ◦ Writes data to an existing file (ideally an image file such as a jpg or png).
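A defender's check for the Alternate Data Stream method listed above, as an added example that is not part of the original document: it enumerates named NTFS streams on removable volumes, which Explorer and a plain directory listing do not show. The function name `Get-RemovableDriveAds` and the ignore list are assumptions made for illustration.

```powershell
# Added defensive example (not from the original document).
# Lists named NTFS alternate data streams (ADS) on removable volumes.
function Get-RemovableDriveAds {
    [CmdletBinding()]
    param(
        # Assumption: streams Windows itself commonly writes are treated as noise.
        [string[]]$IgnoreStream = @('Zone.Identifier')
    )

    # ADS exist only on NTFS, so FAT32/exFAT drives are skipped.
    # An NTFS-formatted thumbdrive is itself worth noting during triage.
    $volumes = Get-Volume | Where-Object {
        $_.DriveType -eq 'Removable' -and $_.FileSystem -eq 'NTFS' -and $_.DriveLetter
    }

    foreach ($vol in $volumes) {
        $root = "$($vol.DriveLetter):\"

        # -Force includes hidden and system files. Files only: streams
        # attached to directories are not covered by this example.
        Get-ChildItem -LiteralPath $root -Recurse -Force -File -ErrorAction SilentlyContinue |
            ForEach-Object {
                Get-Item -LiteralPath $_.FullName -Stream * -Force -ErrorAction SilentlyContinue
            } |
            # ':$DATA' is the normal, unnamed content stream of every file.
            Where-Object { $_.Stream -ne ':$DATA' -and $_.Stream -notin $IgnoreStream } |
            ForEach-Object {
                [pscustomobject]@{
                    Drive  = $root
                    File   = $_.FileName
                    Stream = $_.Stream
                    Bytes  = $_.Length
                }
            }
    }
}

# Largest named streams first: collected data tends to stand out by size.
Get-RemovableDriveAds | Sort-Object Bytes -Descending | Format-Table -AutoSize
```

An empty result on an NTFS removable drive means no named file streams were found; it says nothing about the GLYPH or PICTOGRAM methods, which write to ordinary files.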
(S) Data Transfer options:
• Min % Free Space
  ◦ The minimum percentage of space on the thumbdrive that must remain available for overt usage
• Max Collect Size
  ◦ The maximum size of all collected files on the thumbdrive
(S) Payload modules:
• Local Binary
  ◦ An arbitrary payload you wish to execute
• Survey
  ◦ A Brutal Kangaroo system survey
• Directory Listing
  ◦ DirWalk removable drives – T/F
  ◦ DirWalk Fixed Drives – T/F
  ◦ DirWalk Remote Drives – T/F
  ◦ DirWalk CD Drives – T/F
• File Collection
  ◦ File Patterns to collect
  ◦ Folders to exclude
  ◦ Minimum collect size
  ◦ Maximum collect size
  ◦ Minimum modified date
  ◦ Maximum modified date
  ◦ Minimum access date
  ◦ Maximum access date
  ◦ Minimum create date
  ◦ Maximum create date
• USB Survey
  ◦ Survey of inserted USB drives in target system
(S) Payload options: