Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

SECRET//NOFORN
1.1 Concept of Operations
AfterMidnight is a DLL that self-persists as a Windows Service DLL and provides secure execution of “Gremlins” via an HTTPS-based LP.

Once installed on a target machine, AM calls back to a configured LP on a configurable schedule, checking whether there is a new plan for it to execute. If there is, it downloads and stores all needed components before loading all new gremlins in memory.

All local storage is encrypted with an “LP” key that is not stored on the client. If AM is unable to contact the LP, it will be unable to execute any payload.