Vault 7: Projects
This publication series is about specific projects related to the Vault 7 main publication.
SECRET//20341105
Forensic Entry Purpose Changeable
Registry key:
HKLM\System\CurrentControlSet\Control\Windows\
SystemLookup
Holds BadMFS
parameters
No
Covert Store: BadMFS will create an encrypted
covert file system in the file specified in the zf file.
Alternatively, the covert file system can be placed at
the end of the active partition.
Holds driver and
user-mode
implants
No
af+mainrepo+wolfcreek+Docs+Angelfire_UserGuide
5 of 21
SECRET//20341105
Wolfcreek-Docs-Angelfire_UserGuide.pdf