-
or _
used in place of spaces, to one of the categories such as exfiltration, phishing, remote_access or recon. Do not create your own category.SETUP
, with may include a FAIL
if certain conditions are not met. This is typically followed by either a single ATTACK
or multiple STAGEs
. More complex payloads may include a SPECIAL
function to wait until certain conditions are met. Payloads commonly end with a CLEANUP
phase, such as moving and deleting files or stopping services. A payload may FINISH
when the objective is complete and the device is safe to eject or turn off. These common payload states correspond to LED
states.