Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

SECRET//20341105
Table of Contents
1. (U) INTRODUCTION
2. (S) IMPLANT FORENSICS
3. (S) IMPLANT OPERATION
3.1 (U) ANGELFIRE INSTALLER
3.1.1 (U) Command Line Specification
3.3 (S) USING THE ZF
3.4 (S) ANGELFIRE INSTALLATION (-IPR OR -IPL)
3.4.1 (S) -ipr
3.4.2 (S) -ipl
3.4.3 (S) Re Installation (-ipr or -ipl)
3.5 (S) ANGELFIRE UPDATE (-UPR)
3.6 (S) ANGELFIRE UN-INSTALLATION (-R)
3.7 (S) COVERT FILE SYSTEM
3.8 (S) COVERT FILE SYSTEM UNINSTALLATION (-C)
3.9 (S) ADDING A FILE TO THE COVERT FILE SYSTEM (-F)
3.9.1 (S) Adding a driver to the covert file system (-f)
3.9.2 (S) Adding an executable to the covert file system (-f)
3.9.3 (S) Adding a driver or executable to the covert file system with a one-time delay (-t)
3.9.4 (S) Periodically executing an application with an interval (-i)
3.9.5 (S) Adding a permanent delay (-p)
3.9.6 (S) Deleting an executable from the covert file system (-x)
3.10 (S) LISTING THE CONTENTS OF THE COVERT FILE SYSTEM (-L)
3.11 (S) GETTING A FILE FROM THE COVERT FILE SYSTEM (-G)
3.12 (S) EXECUTING BINARIES ON AN EXISTING INSTALL WITHOUT REBOOT (-K)
4. (U) OPERATIONAL NOTES
4.1 (S) POST INSTALL CLEANUP
4.2 (S) USING ANGELFIRE TO START DRIVERS
4.3 (S) USING ANGELFIRE TO START EXECUTABLES
4.4 (S) ERROR LOGGING
5. (S) OS COMPATIBILITY LIST
6. (U) KNOWN ISSUES
7. (U) INSTALLER ERROR CONDITIONS
8. (U) RUNTIME ERROR CONDITIONS
af+mainrepo+wolfcreek+Docs+Angelfire_UserGuide
