Carletto asked:

Question on the CIA's tools and frameworks in the Vault7 arsenal.

Hi to all of you,
During the last few days, while we were all concentrating on the WannaCry ransomware, WikiLeaks released more information/files on the Vault7 arsenal.
 
I've been asked to check and find samples and/or MD5 hashes of the following CIA tools and frameworks in order to see whether our network and clients have been compromised.
The tools are:
Archimedes
Assassin
AfterMidnight


To be honest, I'm not sure these tools are already available, but asking doesn't cost anything.
Thank you
Carlettus
SOLUTION
John Tsioumpris
This solution is only available to members.

btan

At best you can try to look at this. The hashes are available, but the document will describe what those are doing, and that probably helps in writing YARA rules on keywords in dump files.

https://github.com/troydo42/CIAHackingTools?files=1

My comment above stands... whether they are true or not, if you are targeted I find the human approach easier than the tech approach... Just take the usual measures and you should be good to go... As for the hashes, a minor addition in the code and the hashes are different.
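
An added example, not part of the thread or of any poster's reply: a Python illustration of the two points made above, that a hash list misses a file after a one-byte change while a keyword match (the idea behind a YARA string rule) still hits. The keyword, the sample bytes and the function names are constructed placeholders; the thread gives no real indicators.

```python
import hashlib

def encodings(keyword: str):
    """ASCII and UTF-16LE forms; Windows binaries often store wide strings."""
    return {"ascii": keyword.encode("ascii"), "utf16le": keyword.encode("utf-16-le")}

def keyword_hits(data: bytes, keywords):
    """Return sorted (keyword, encoding, offset) for every keyword form found in data."""
    hits = []
    for kw in keywords:
        for enc, needle in encodings(kw).items():
            off = data.find(needle)
            if off != -1:
                hits.append((kw, enc, off))
    return sorted(hits)

def sweep(samples, known_md5, keywords):
    """Check each named blob against the hash list and the keyword list."""
    report = {}
    for name, data in samples.items():
        report[name] = {
            "md5_match": hashlib.md5(data).hexdigest() in known_md5,
            "keywords": keyword_hits(data, keywords),
        }
    return report

# Constructed data: a placeholder string, not a real indicator from any tool.
KEYWORDS = ["PLACEHOLDER_TOOL_MARKER"]
ORIGINAL = b"MZ" + b"\x90" * 32 + b"PLACEHOLDER_TOOL_MARKER\x00" + b"\x00" * 16
SAMPLES = {
    "original.bin": ORIGINAL,
    "rebuilt.bin": ORIGINAL + b"\x00",  # one byte appended, so the hash changes
    "wide.bin": b"MZ" + "PLACEHOLDER_TOOL_MARKER".encode("utf-16-le"),
    "benign.bin": b"MZ" + b"\x00" * 64,
}
KNOWN_MD5 = {hashlib.md5(ORIGINAL).hexdigest()}  # hash list built from the original only

if __name__ == "__main__":
    for name, result in sweep(SAMPLES, KNOWN_MD5, KEYWORDS).items():
        print(name, result)
```

Only `original.bin` matches the hash list; `rebuilt.bin` and `wide.bin` are caught by the keyword check alone.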

I would like to thank you for the advice on how to keep my network safe. I'll look for AMP as well.
Thank you.
Carlettus