Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

Boot Persistence
Miscellaneous
All the crypto functionality in the host DLL will be implemented using the Windows Cryptography API (CNG) and not using any third party libraries.
It is acceptable to use third party toolkits like Native Development Kit (NDK) for header files (for data structures) and function prototypes.
The client will send the Parent ID and the Target ID in clear text to the listening post (C&C).
The actual payload will be encrypted using a symmetric encryption key that is hardcoded (burnt) into the client at time of generating the client binary on the build system.
The developers of this project are free to use any version of the compiler from the Visual Studio family including the one from the Windows 7 SP1 WDK. The host DLL binary must be linked against the MSVCRT.dll from 2600 XP WDK.
The host DLL must work and must not cause any popups to be displayed on the client system with the latest version of Kaspersky Total Security (kts16.0.0.614en_8244.exe) or Kaspersky Internet Security (kis16.0.0.614en_8232.exe) installed on the client system and configured with default settings.
Dealing with anti-persistence products like DeepFreeze is not required.
