Anonymous ID: d6f7df March 8, 2019, 7:47 p.m. No.5584418   >>4469

>>5583946

 

Forensic Entry | Purpose | Changeable

File: encrypted container file | Holds boot code | Yes

Boot Sector: partition boot sector modification | Holds boot code | No

LOOK FOR THIS KEY TO KNOW IF CLOWN MALWARE PLANTED

Registry key: HKLM\System\CurrentControlSet\Control\Windows\SystemLookup | Holds BadMFS parameters | No

Covert Store: BadMFS will create an encrypted covert file system in the file specified in the zf file. Alternatively, the covert file system can be placed at the end of the active partition. | Holds driver and user-mode implants | No

 

https://wikileaks.org/vault7/document/Angelfire-2_0-UserGuide/page-5/#pagination
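
A read-only check for the registry entry named in the table, added here as an example (it is not part of the post or of the quoted guide). The function name is hypothetical, and it assumes SystemLookup may appear either as a value or as a subkey under Control\Windows, so it tests both and also looks in the numbered ControlSetNNN copies.

```powershell
# Added example: report whether the "SystemLookup" entry from the table exists.
# Assumption: the guide does not say whether SystemLookup is a value or a
# subkey, so both are checked. Nothing is written or deleted.
function Test-SystemLookupEntry {
    param(
        [string]$Name = 'SystemLookup'
    )

    # CurrentControlSet is a link to one of the numbered sets; the numbered
    # sets are listed too so an entry in a non-active set is not missed.
    $sets = @('CurrentControlSet') + @(
        Get-ChildItem -Path 'HKLM:\SYSTEM' -ErrorAction SilentlyContinue |
            Where-Object { $_.PSChildName -match '^ControlSet\d{3}$' } |
            ForEach-Object { $_.PSChildName }
    )

    foreach ($set in $sets) {
        $parent = "HKLM:\SYSTEM\$set\Control\Windows"
        if (-not (Test-Path -Path $parent)) { continue }

        # Get-Item on a registry path returns a Microsoft.Win32.RegistryKey.
        $key      = Get-Item -Path $parent
        $asValue  = $key.GetValueNames()  -contains $Name
        $asSubkey = $key.GetSubKeyNames() -contains $Name

        [pscustomobject]@{
            ControlSet    = $set
            Path          = "$parent\$Name"
            FoundAsValue  = $asValue
            FoundAsSubkey = $asSubkey
            ValueKind     = if ($asValue) { $key.GetValueKind($Name) } else { $null }
        }
    }
}

# One row per control set; a True in either "Found" column is the
# entry the table describes.
Test-SystemLookupEntry | Format-Table -AutoSize
```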