Exetools  
#1  06-01-2017, 21:49
zeuscane (VIP, Join Date: Jun 2010, Posts: 272)
Pandemic project of the CIA

New revelation of WikiLeaks on CIA projects.
Please look at
https://wikileaks.org/vault7/#Pandemic

regards
zeuscane
__________________
"Educate yourselves because we'll need all your intelligence.
Stir yourselves because we'll need all your enthusiasm.
Organize yourselves because we'll need all your strength."
#2  06-03-2017, 06:58
korosh (Friend, Join Date: May 2007, Posts: 86)
Sigma rule to detect #Pandemic implant:

https://github.com/Neo23x0/sigma/blob/master/rules/apt/apt_pandemic.yml
#3  06-03-2017, 13:45
tonyweb (Family, Join Date: Jan 2009, Posts: 190)
Hello guys,
Correct me if/where I am wrong, but as far as I have read, the infection starts only
Quote:
if the user executes programs stored on the pandemic file server.
It seems to me unlikely that one runs an executable directly on a remote share (are there scenarios where this actually happens?); I would copy it to my local machine beforehand, and the executable is modified while copying (in order to run the remote program, its bytes must actually be transferred to the target system's RAM).

In this case, couldn't a so-called antivirus detect the malicious activity as usual?
Maybe the "news" lies in the method itself, not so much in the risk.

Thanks and Regards,
Tony
__________________
Want to learn unpacking ... but I'm too stupid

Last edited by tonyweb; 06-03-2017 at 19:26.
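An added example, not from tonyweb's post or from the WikiLeaks material, of the check a defender would want given the scenario tonyweb describes: if the bytes of an executable can be swapped while they cross the share, a hash taken over the share is worthless as a reference, so the manifest has to be computed on the server host from its local disk, and the client hashes the bytes it actually received and compares. The directory layout, file contents and manifest format below are constructed for the demo and are assumptions, not anything the implant or the server really uses.

```python
"""Integrity check for executables fetched from a file share (added example).

Threat model from the thread: an implant on the file server substitutes the
bytes of an executable while it is being transferred to a client, so a copy
taken over the share cannot be trusted to match what is on the server's disk.
The defence here is a manifest of SHA-256 hashes computed on the server host
itself (local disk read, no network share in the path); clients then hash
whatever bytes they actually received and compare against it.

All paths, file contents and hashes below are constructed for the demo.
"""
import hashlib
import tempfile
from pathlib import Path

# Assumption for the demo: only these suffixes are treated as executables.
EXECUTABLE_SUFFIXES = (".exe", ".dll")


def sha256_of(path: Path, chunk_size: int = 1 << 16) -> str:
    """Stream a file through SHA-256 so large binaries need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Known-good hashes keyed by share-relative path ('/' separators).

    Run this on the server against its local disk: hashes taken over the
    share would already reflect the substituted bytes.
    """
    manifest: dict[str, str] = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in EXECUTABLE_SUFFIXES:
            manifest[path.relative_to(root).as_posix()] = sha256_of(path)
    return manifest


def verify_received(manifest: dict[str, str], received_root: Path) -> dict[str, str]:
    """Compare the bytes a client actually received against the manifest.

    Returns {relative_path: 'ok' | 'modified' | 'missing'}. 'modified' is the
    in-transit substitution case; 'missing' means the client never got the file.
    """
    results: dict[str, str] = {}
    for rel, expected in manifest.items():
        candidate = received_root / Path(rel)
        if not candidate.is_file():
            results[rel] = "missing"
        elif sha256_of(candidate) == expected:
            results[rel] = "ok"
        else:
            results[rel] = "modified"
    return results


def demo() -> dict[str, str]:
    """Simulate a server-side manifest and a client copy with one swapped file."""
    with tempfile.TemporaryDirectory() as tmp:
        server = Path(tmp) / "server_disk"   # what the server host sees locally
        client = Path(tmp) / "client_copy"   # what arrived on the workstation
        for root in (server, client):
            (root / "tools").mkdir(parents=True)

        # Constructed stand-ins for PE files: only the 'MZ' prefix is realistic.
        clean = b"MZ" + b"\x00" * 62 + b"constructed clean tool"
        (server / "tools" / "clean.exe").write_bytes(clean)
        (server / "tools" / "swapped.exe").write_bytes(clean)
        (server / "tools" / "absent.exe").write_bytes(clean)
        (server / "tools" / "README.txt").write_bytes(b"not an executable")

        manifest = build_manifest(server)  # taken on the server host, not via the share

        # What the client received: one file intact, one altered in transit,
        # one never copied at all. The alteration is a constructed stand-in.
        (client / "tools" / "clean.exe").write_bytes(clean)
        (client / "tools" / "swapped.exe").write_bytes(clean + b"\x90" * 16)

        return verify_received(manifest, client)


if __name__ == "__main__":
    for rel, status in demo().items():
        print(f"{status:9s} {rel}")
```

The manifest itself must reach the client by a path the implant does not control (for instance, embedded in deployment tooling or signed), because a manifest fetched across the same share could be rewritten alongside the executable.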