Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
SECRET//ORCON//NOFORN
6.20 Set Whitelist
The whitelistfield defines a set of process names that, at least one must be running
for the beacon attempt to occur.
XML Example
<SetWhitelist>
<Prog>iexplore.exe</Prog>
<Prog>firefox.exe</Prog>
</SetWhitelist>
Field Definitions
Prog
The prog field defines one of the program names in the whitelist. The set
whitelist command can have zero or more of these entries. No programs defined
disable the whitelist function. In the example above, the target implants running
whitelist will include “iexplore.exe” and “firefox.exe”.
179
SECRET//ORCON//NOFORN