Exetools


zeuscane 06-01-2017 21:49

Pandemic project of the CIA
 
New revelation of WikiLeaks on CIA projects.
Please look at
https://wikileaks.org/vault7/#Pandemic

regards
zeuscane

korosh 06-03-2017 06:58

Sigma rule to detect #Pandemic implant:

https://github.com/Neo23x0/sigma/blob/master/rules/apt/apt_pandemic.yml

tonyweb 06-03-2017 13:45

Hello guys,
correct me if/where I am wrong but, as far as I have read, the infection starts only
Quote:

if the user executes programs stored on the pandemic file server.
It seems to me unlikely that one runs an executable directly on a remote share (are there scenarios where this actually happens?), I would copy it to my local machine beforehand and the executable is modified while copying (in order to run the remote program, its bytes must be actually transferred to the target system's RAM).

In this case, couldn't a so-called antivirus detect the malicious activity as usual?
Maybe the "news" stays in the method itself not quite in the risk :)

Thanks and Regards,
Tony

