Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
SECRET//ORCON//NOFORN
18.6.21 Set Whitelist
The whitelistfield defines a set of process names that, at least one must be running
for the beacon attempt to occur.
XML Example
<SetWhitelist>
<Prog>iexplore.exe</Prog>
<Prog>firefox.exe</Prog>
</SetWhitelist>
Field Definitions
Prog
The prog field defines one of the program names in the whitelist. The set
whitelist command can have zero or more of these entries. No programs defined
disable the whitelist function. In the example above, the target implants running
whitelist will include “iexplore.exe” and “firefox.exe”.
197
SECRET//ORCON//NOFORN