Vault7: CIA Hacking Tools Revealed
Owner: User #20873595
Grasshopper Persistence Techniques
Delivered Techniques:
Grasshopper Module Name | Number of Stubs | BitBucket Link | Description |
---|---|---|---|
Service DLL | 6 | Service DLL | Registers a Service DLL (Dynamic Link Library) to be launched on reboot |
Service Proxy | 3 | Service Proxy | Takes the place of a normal service, is called instead of it, and then calls that normal service |
Scheduled Task | 3 | Scheduled Task | Creates a scheduled task to execute on reboot |
Run Key | 1 | Run Key | Creates a Run Key to run at reboot |
In Progress Techniques:
Grasshopper Module Name | BitBucket Link | Execution Level | Description |
---|---|---|---|
Icon Overlay | Icon Overlay | User | Registers an Icon Overlay COM object that will load a DLL (Dynamic Link Library) whenever explorer.exe is started, as the current user |
WMI Persistence | WMI Persistence | | |
The Weasels:
The Weasels are a set of techniques developed by ESD (Branch) contractors under the Bronze Forge program.
Grasshopper Module Name | Description |
---|---|
BitingWeasel 1.1 | IGD Searcher DLL (Dynamic Link Library) for BITS service |
SneakyWeasel 1.1 | Service DLL (Dynamic Link Library) with Hijack (lol!) |
TimidWeasel 1.1 | Windows Time Provider |
TunnellingWeasel 1.1 | Pluggable interface to the built-in Teredo |
GraveWeasel 1.0 | Creates a local-machine Windows Group Policy Startup Script (maybe only runs as LOCAL SERVICE) |