Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
SECRET//ORCON//NOFORN
10.4.5 Maintenance Commands
The task sub-shell provides the following commands that will add Assassin
maintenance commands to the task being created. Maintenance commands are
used to check the Implant's status, manage the upload queue, modify
persistence, or uninstall completely.
get_status [--basic] [--beacon] [--comms] [--list] [--dirs] [--dir-files] [--all]
MODE
Retrieve the current target configuration and status information.
--basic
retrieve settings for when implant runs (hibernate, uninstall
date)
--beacon
retrieve settings for when target beacons
(initial wait, interval, maximum, jitter, backoff, max failures)
--comms
retrieve settings for target communications
--list
retrieve settings for white and black lists
--dirs
retrieve settings for target directories (in, out, push, start,
stage)
--dir-files
retrieve list of files in the target directories
--all
restore all of the settings (default)
MODE
configuration set from which to retrieve status information
running collect information from running configuration set
persistentcollect information from persistent configuration
set
factory collect information from factory configuration set
clear_queue
Remove all files from the implant's upload queue.
The command will delete all files from the output, push, and staging directories.
This may include chunks of files that have been partially uploaded.
upload_all
Upload all files currently in the upload queue.
Warning: This is a dangerous command and may have adverse effects if the
upload queue has a significant backlog. Please use the get_status command
with the --dir-files option to decide if the risk is acceptable.
unpersist
Disable the implant's persistence mechanism. The side effects of the command
103
SECRET//ORCON//NOFORN