Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

SECRET//ORCON//NOFORN
2.3 Footprint
This section documents the footprint of the Service Installation executables and
their operation on the target environment.
Installation Executable
The Installation executable is copied to the target file system before it is run.
The name and location of the executable is determined by the operator who
places it. The executable self deletes shortly after being run.
Service Registry
The Installer adds a key to the registry to set the Implant Service DLL up as a
service. The key is added at ‘HKLM\SYSTEM\CurrentControlSet\Services’. The name
and subkeys of this key are selected by the operator at build time.
62
SECRET//ORCON//NOFORN

e-Highlighter

Click to send permalink to address bar, or right-click to copy permalink.

Un-highlight all Un-highlight selectionu Highlight selectionh