Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

SECRE
T//
NOFORN
Pique Analysis Report
20150807-252-MIRcon-Somethin
g
About WMI
Ra
y
theon Blackbird Technolo
g
i
es,
Inc. 1 07 Au
g
ust 2015
Use or disclosure of data contained on this sheet is su
bje
ct to the restrictions on the title
page
of this document.
SECRE
T//
NOFORN
1.0 (U) Analysis Summary
(S//NF) This report is a slide deck of a presentation given on WMI and its use in malicious
attacks. The briefing is a very good overview of what WMI is and provides some examples of
how to construct WMI commands to accomplish important tasks such as target reconnaissance,
pivoting, privilege escalation, persistence, and data theft.
(S//NF) Prior to getting into the examples on how to use WMI maliciously, the briefing deck
provides a nice overview of what WMI is and how to interact with it.
(S//NF) This report is a very nice high-level overview of what WMI is and how to interact with it
via several methods, CLI, VBS, PowerShell, and a couple of third-party tools. However, there
are no techniques or methods discussed worth recommending PoCs against.
2.0 (U) Description of the Technique
(S//NF) Not applicable as no PoCs are recommended.
3.0 (U) Identification of Affected Applications
(U) Windows.
4.0 (U) Related Techniques
(S//NF) Remote administration, target reconnaissance, pivoting, privilege escalation, persistence,
and data theft.
5.0 (U) Configurable Parameters
(U) Not applicable.
6.0 (U) Exploitation Method and Vectors
(S//NF) No exploitation method or attack vectors were discussed in this report.
7.0 (U) Caveats
(U) None.
8.0 (U) Risks
(S//NF) Not applicable as no PoCs are recommended from this report.

e-Highlighter

Click to send permalink to address bar, or right-click to copy permalink.

Un-highlight all Un-highlight selectionu Highlight selectionh