Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
SECRET//ORCON//NOFORN
Set one or more of the beacon parameters. Note that 0 indicates ‘do not alter
this value’.
run_mode
Code specifying the run mode, represented by combining the
following keys:
‘r’ - run the task on receipt
‘s’ - run the task on every Implant startup
‘p’ - push the task results to the LP immediately
initial
Initial wait after Implant startup before beacon (default = 0)
default_int
Default interval between beacons (default = 0)
max_int
Maximum interval between beacons (default = 0)
factor
Backoff factor to modify beacon interval (default = 0)
If beacon fails, multiply beacon interval by factor.
If beacon succeeds, restore beacon interval to default.
jitter
Range to vary the timing of beacons (default = 0)
set_blacklist <run_mode> [programs=[]] [files=[]]
Set the target blacklist. If no parameters are provided, the command will enter
a subshell; see section Appendix A:3.2 on Program List subshells.
run_mode
Code specifying the run mode, represented by combining the
following keys:
‘r’ - run the task on receipt
‘s’ - run the task on every Implant startup
‘p’ - push the task results to the LP immediately
programs
Set of executable names to include in the blacklist, specified as
a Python list or tuple
files
Set of blacklist files, specified as a Python list or tuple
Blacklist files are whitespace-delimited lists of executable
names to include in a target blacklist.
set_whitelist <run_mode> [programs=[]] [files=[]]
Set the target whitelist. If no parameters are provided, the command will enter
a subshell; see section Appendix A:3.2 on Program List subshells.
run_mode
Code specifying the run mode, represented by combining the
following keys:
‘r’ - run the task on receipt
‘s’ - run the task on every Implant startup
‘p’ - push the task results to the LP immediately
programs
Set of executable names to include in the whitelist, specified
as a Python list or tuple
files
Set of whitelist files, specified as a Python list or tuple
Blacklist files are whitespace-delimited lists of executable
names to include in a target blacklist.
36
SECRET//ORCON//NOFORN