Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
SECRET//ORCON//NOFORN
4 Footprint
The NULL module writes an unobfuscatedpayload to the target filesystem. The path
is specified by the user at build time. This file will not be deleted by Grasshopper.
The process of the payload executable is visible in the Task Manager during
execution.
5 Receipt XML Format
NULL's configuration is recorded in the Grasshopper receipt at build time under
build.xml. An example and description of the xml format is provided below.
5.1 XML Example
<PersistModule>
<UUID>9d03da02ab3a47d7bd28c9a776ba9806</UUID>
<Null>
<PayloadPath>C:\Target\payload.exe</PayloadPath>
</Null>
</PersistModule>
5.2 Field Definitions
UUID
The universally unique identifier for the module variant used in the build.
Null
The configuration information used by the NULL module.
PayloadPath
The path to the payload on the target deployed by NULL.
Appendix A:
4
SECRET//ORCON//NOFORN