Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
SECRET//ORCON//NOFORN
1.4 Footprint
This section documents the footprint of the Injection executables and their
operation on the target environment.
Launcher Executable
The Launcher executable is copied to the target file system before it is run. The
name and location of the executable is determined by the operator, either
through directly placing the executable or by configuring the Extractor that
places it.
Extractor Executable
The Extractor executable is copied to the target file system before it is run. The
name and location of the executable is determined by the operator who places
it. The Extractor self deletes shortly after being run.
Service Registry
The Launcher adds a key to the registry to set itself up as a service. The key is
added at ‘HKLM\SYSTEM\CurrentControlSet\Services’. The name and subkeys of this
key are selected by the operator at build time.
59
SECRET//ORCON//NOFORN