Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
Athena Progress – February 26, 2016 – 11:30am
Achievements:
1) Fixed – install / offline installer for Bravo
2) Added – ST support for memload (ordinal 1) standard rundll32 (ordinal 2)
a. Fixed ramonly – ordinal 1 must createthread and return
3) Added - TestEngineLoop2 – 5 failed beacon / uninstall
4) Fixed - maxchunksize in tasker not working - fixed shell.py:242 (misspelled do_maxchunksize)
5) Fixed – uninstall timeout – moved logic into command module
6) Fixed – uninstall after failed beacons – moved logic into command module
7) Non-issue - large files - error Error Code = 0xA0000101 (validate config)
processing data size
command execution timeout
batch execution timeout
8) Non-issue – state file – start large file download/reboot/waitfordata
a. This just took a really long time to finish
9) Non-issue - 4 gets & 4 puts with large file (this was a test script error)
10) Non-issue – attempt to install as user – fails (privileges for registry and data files)
11) Update - compression size changed to 32K - reduces processing time
12) Non-issue – state file not releasing during test – this was a testing issue
13) Fixed – install.cpp:: pCryptReleaseContext referenced wrong function so 32 bit install would fail
14) Fixed – removed printf function in install file security update code
15) Fixed – moved Advapi security function loader to builder/ FindExportByHash
16) Fixed – ram-only tests were failing because ordinal #2 is the rundll32 function
17) Fixed – removed output strings from bzip2 code on bravo
Test Status:
1) Dart Testing – testing HERA
Issues:
1) Athena is failing on Win10 install – possible issue with hook method
2) Athena is failing on Win8 – remote access not configured properly until next reboot
3) Offline 32/64 alpha/bravo