Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
SECRET//NOFORN
• Service Description – Desired Windows service description
• Service Display – Desired Windows deplay name
• Core File – IMPORTANT – File that AM will attempt to load as Midnight Core.
It must be placed manually prior to running AM.
• Data File – Full path that AM will use for internal encrypted storage. Will be
automatically created.
• Staging Directory – Name of a directory to store the communications exfil
queue. This should be a directory that does not exist on the target machine
and is unlikely to have other files written to it.
• Config File – Full path to the file AM will store it’s obfuscated config
information. Will be automatically created.
• Kill File – Full path to the “kill file” that, if present, will force AM to self-
uninstall.
Note that for a single operation there may not be a need to have different builds for
each machine on a network. It is perfectly acceptable from a technical standpoint
to only have a handful of different builds compared to the total number of target
computers.
27
SECRET//NOFORN