Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
SECRET//ORCON//NOFORN
2.2 Behavior
The Grasshopper installer executes the following steps after gaining execution.
1) Select payload and persistence module
Grasshopper uses a rule-based decision engine to select a target appropriate
payload-persistence module combination.
2) Load persistence module
Grasshopper loads the selected persistence module in memory. The module
is initialized using the user-defined configuration.
2) Run persistence module
Grasshopper runs the persistence module against the selected payload. The
module is responsible for the deployment and execution of the payload.
3) Cleanup and Exit
Grasshopper cleans up after its activity and exits. The Grasshopper EXE
cleans itself up by initiating a self delete before exiting; the DLL is run from
memory and does not need to self-delete.
18
SECRET//ORCON//NOFORN