Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

SECRET//20341105
file)
wtpack.exe
Table : (S) Angelfire Footprint Revision
Forensic Entry Purpose Changeable
File: encrypted container file Holds boot code Yes
Boot Sector: partition boot sector modification Holds boot code No
Registry key:
HKLM\System\CurrentControlSet\Control\Windows\
SystemLookup
Holds BadMFS
parameters
No
Covert Store: BadMFS will create an encrypted
covert file system in the file specified in the zf file.
Alternatively, the covert file system can be placed at
the end of the active partition.
Holds driver and
user-mode
implants
No
af+mainrepo+Angelfire 2.0 UserGuide 5
of 15
SECRET//20341105

e-Highlighter

Click to send permalink to address bar, or right-click to copy permalink.

Un-highlight all Un-highlight selectionu Highlight selectionh