Vault7: CIA Hacking Tools Revealed
Navigation: » Directory » Knowledge Base » Tech Topics and Techniques Knowledge Base » Windows » Windows Code Snippets » Payload Deployment Modules (KB) » Payload Deployment Modules: On Disk Executables
Create Process Using Temp Directory (LoadFromDisk_GHR - Gharial)
OSB Library: Payload Deployment
Module Name: All name information regarding the module to include file name, crypt name, etc.
Module Description: Describe how the technique works. All the cool things it does. Describe how cool the module writer is, etc.
PSP/OS Issues: Any PSP/OS issues associated with the technique.
Sharing Level: Unilateral, Liaison, Intelligence Community (Default: Unilateral - until otherwise noted)
Technique Origin: In-house, internet/open-source, reversed malware, stolen, etc.
Notes: Any information that could be useful to anyone maintaining the code or using the code. i.e. This module uses Alternate Data Streams which are only available on NTFSNT filesystem (Windows) volumes.
Module Specific Structures: Any module specific data structures. (Any PVOID pvStructs).
INCLUDE DESCRIPTIVE LABELS FOR EACH MODULE
If Miscellaneous Modules were used in the creation of this module, include the tool list excerpt from this page inside the tool list excerpt of each Miscellaneous Module used. For example, if the CreateDirectoryWithAttributes Misc. Module was used, add an "Excerpt Include" macro inside of the Tool List Excerpt on the documentation page for the CreateDirectoryWithAttributes module. The tool list for this module should now always show up in the list of tools that use the CreateDirectoryWithAttributes.