Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
SECRET//ORCON//NOFORN
10.4.4 Configuration Tasks
The following tasks modify the configuration of the Implant, which determines
when and how the Implant communicates and the duration of the operation.
Configuration Set Tasks
The configuration set tasks manipulate the configuration sets. There are three
configuration sets: running, persistent, and factory. The running configuration
holds the settings under which the Implant currently operates. The persistent
configuration holds the settings that Assassin reverts to upon Implant startup.
The factory configuration holds the settings that the Implant had when it was
built.
persist_settings <run_mode>
    Save the current settings as the default configuration that will be loaded
    at Implant startup.
    All configuration changes must be explicitly persisted, or they will revert
    on next startup.
    run_mode
        Code specifying the run mode, represented by combining the following
        keys:
        ‘r’ - run the task on receipt
        ‘s’ - run the task on every Implant startup
        ‘p’ - push the task results to the LP immediately
restore_defaults <run_mode> <options>
    Restore the Implant configuration to factory settings. Any changes must be
    persisted explicitly.
    run_mode
        Code specifying the run mode, represented by combining the following
        keys:
        ‘r’ - run the task on receipt
        ‘s’ - run the task on every Implant startup
        ‘p’ - push the task results to the LP immediately
    options
        Type of configuration settings that will be restored:
        ‘all’ - all configuration settings
        ‘basic’ - basic configuration settings, including:
            * hibernate configuration
            * uninstallation time and date
        ‘beacon’ - beacon configuration settings, including:
            * initial wait
            * default interval
            * jitter
            * maximum interval
            * backoff multiple
            * maximum failures
        ‘comms’ - comms configuration, including:
            * chunk size
            * transport list
        ‘list’ - whitelist and blacklist configurations
Beacon Configuration Tasks