Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
SECRET//NOFORN
________________________________________________________________________
Usage: python.exe tasker.py
8.2.1 (U) RECEIPT
(S//NF) This argument defines an existing receipt filename to be used for processing. A receipt
file is generated by the Builder and contains all the settings for the configured implant.
8.2.2 (U) SCRIPT
(S//NF) This argument provides the ability to import a script for processing. A script is simply a
text file that contains all the commands in a batch script. The following sections will describe
the syntax for the command script.
8.2.3 (U) GENERATE
(S//NF) This argument provides the output path location. By default, the output will be stored in
the tasker_output directory. This option will override the location for the tasking output
information.
8.2.4 (U) PRIORITY
(S//NF) This argument provides the ability to set the priority/ordering (0..255). NOTE:
128 is the default and 0 is the highest priority. Since each beacon will only retrieve a single
batch command, this option allows the user to prioritize the command files to the target.
8.2.5 (U) PERSIST
(S//NF) This argument provides the ability to set the batch as a persistent batch. Normally, when
a command file is processed on the server, it will be deleted. This option allows SAFETY files to
remain on the server and be processed for every beacon when no data is available for processing.
There is a special SAFETY command that prevents any data from being written to the disk while
still providing a response from the target. If no data is available for a target, the target will
not POST a response to the server. NOTE: the responses for these persistent blocks are stored in
the SAFTIES directory.
8.2.6 (U) STOPONERROR
(S//NF) This argument provides the ability to stop the batch on a command execution error.
Should a command in the batch fail (e.g. PUT “c:\myfile”), the rest of the batch can be cancelled
to prevent undefined behavior of the batch. By default, STOPONERROR is set to false. With
most commands (e.g. “exec net stat”), there are no side effects that need to be validated.
8.2.7 (U) ID
(S//NF) This argument provides the ability to force a specific initial task ID for a tasking
session (usually used only for debugging purposes; the number is decoded as hex).
8.2.8 (U) DEBUG
(S//NF) This argument allows debugging information to be included in the output directory.