Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
SECRET//ORCON//NOFORN
18.6.4 Execute
The execute command will cause the target Implant to run a specified command
with arguments on the target system. The command can be run either in the
foreground or the background. If executed in the foreground, all of the data sent to
both standard out and standard error will be captured and returned in the Assassin
result file.
XML Example
<Execute>
<RemoteFile>c:\windows\system32\ping.exe</RemoteFile>
<Args>candlestick.devlan.net</Args>
<Foreground/>
</Execute>
Field Definitions
Remote File
The remote file field defines the full path of the file to execute. In the example
above, the file to be executed will be “c:\windows\system32\ping.exe”.
Args
The args field defines the arguments, if any, to provide to the file being
executed. In the example above, the arguments have been set to
“candlestick.devlan.net”.
Foreground
The foreground field is a Boolean field. If the field is present in the XML, the task
will tell the target Implant to capture all of the execute output and return it in the
results.
179
SECRET//ORCON//NOFORN