Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

SECRET//ORCON//NOFORN
2.5 Footprint
Grasshopper maintains a minimal footprint on the target machine. Persistence
modules will, by necessity, expand that footprint. Persistence module users' guides
should be consulted accordingly.
Installer Executable
When using the Grasshopper EXE, the executable is placed and run from the
target filesystem with a user-determined name and location. During operation,
the Grasshopper executable is present in the process list. Once the installer has
finished its operation, the Grasshopper EXE self deletes.
The Grasshopper DLL is run from memory and will not explicitly touch the disk.
Log File
The Grasshopper log file is optionally stored on the target filesystem at a user-
specified location. The log file is unencrypted, but is meaningless without the
context provided by the installer build receipt.
24
SECRET//ORCON//NOFORN

e-Highlighter

Click to send permalink to address bar, or right-click to copy permalink.

Un-highlight all Un-highlight selectionu Highlight selectionh