Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

SECRET//NOFORN
________________________________________________________________________
8.3.2.5 (U) Memunload
(S//NF) This command will unload a loaded module based on the nickname provided in the
memload command. WARNING: The nickname is case sensitive.
Usage: memunload pre=0 nickname=<string>
Example:
[memunload] - unload a DLL already loaded on target
Description: amount of time prior to command processing (0-default)
pre-delay (number):
Description: specific nickname used during memload
nickname (string):mymodule
Output:
COMMAND: memunload pre=0 nickname="mymodule"
8.3.2.6 (U) Set
(S//NF) This command will update a specific configuration option. The following list shows all
the configuration options available via this command.
interval={number} - beacon interval
jitter={percent} - beacon jitter in percentage
bootdelay={number} - amount of time to wait at each boot
hibernationdelay={number} - amount of time to wait after install
taskingdelay={number} - amount of time to wait before tasking
domains={string} - IP or URL of listening post
port={port} - port number of listening post
proxyport={port} - port number of proxy
proxyaddress={ipaddress} - IP address of proxy
useragentstring={string} - user agent string sent with command
urlpath={string} - url path for tasking
acceptstring={string} - accept string
acceptlangstring={string} - accept language string
acceptencodingstring={string} - accept encoding string
ieproxyaddress={string} - IE proxy address string
wpadproxyaddress={string} - WPAD proxy address string
statefilepath={string} - state information processing path
batchexecutiontimeout={number} - max amount of time per batch
commandexecutiontimeout={number} - max amount of time per command
maxchunksize={number} - max amount of bytes to process per send
maxcpuutilization={percent} - max cpu utilization during processing
maxprocessingdatasize={number} - max data size
uninstalldate={date(YYYY-MM-DDTHH:MM:SS)} - time to uninstall
deadmandelay={number} - maximum time to wait for successful beacon
beaconfailures={number} - maximum number of beacons before uninstall
killfilepath={string} - location of kill file
safety={number} - any number - this will perform a no-operation (NOOP)
Usage: set pre=0 post=0 <command>=<value>
Example:
[set] - update a specific configuration setting on target
Description: amount of time prior to command processing (0-default)
pre-delay (number):
Description: amount of time after command processing completes (0-default)
post-delay (number):
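
Seen from the network side, the interval and jitter options listed above describe check-ins that recur at a roughly fixed period. The following detection example is added here and is not part of the original document; it assumes jitter shifts each gap by a bounded percentage around the interval (the page does not say how jitter is applied), and the function names, log tuples, hostnames and thresholds are all constructed for illustration.

```python
from collections import defaultdict
from statistics import median


def beacon_candidates(events, min_hits=6, max_spread=0.25):
    """Flag (src, dst) pairs whose request gaps stay close to one period.

    events: iterable of (epoch_seconds, src, dst), e.g. from proxy logs.
    Returns {(src, dst): (median_gap_seconds, spread)}, where spread is the
    largest relative deviation of any gap from the median gap.
    """
    times = defaultdict(list)
    for ts, src, dst in events:
        times[(src, dst)].append(ts)

    flagged = {}
    for pair, stamps in times.items():
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        if len(gaps) < min_hits:
            continue  # too few observations to judge periodicity
        mid = median(gaps)
        if mid <= 0:
            continue  # duplicate timestamps only
        spread = max(abs(g - mid) for g in gaps) / mid
        if spread <= max_spread:  # assumed bound on jitter
            flagged[pair] = (mid, round(spread, 3))
    return flagged


def build(start, gaps, src, dst):
    """Turn a start time and a list of gaps into constructed log tuples."""
    out, t = [(start, src, dst)], start
    for g in gaps:
        t += g
        out.append((t, src, dst))
    return out


# Constructed sample: one host checking in about every 600 s with small
# variation, and one host with irregular, human-driven traffic.
SAMPLE = (
    build(1700000000, [630, 570, 650, 560, 600, 615, 585],
          "10.0.0.5", "lp.example.test")
    + build(1700000100, [12, 340, 5, 2900, 47, 800, 60],
            "10.0.0.7", "news.example.test")
)

if __name__ == "__main__":
    print(beacon_candidates(SAMPLE))
```

Widening `max_spread` catches larger jitter percentages at the cost of more false positives from legitimate polling software such as update checkers.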
