Carletto
asked on
Question on CIA's tools and frameworks in the Vault7 arsenal.
Hi to all of you,
During the last days, while we were all concentrated on the WannaCry ransomware, WikiLeaks released more information/files on the Vault7 arsenal.
I've been asked to check and find samples and/or MD5 hashes on the following CIA's tools and frameworks in order to see if our network and clients have been compromised or not.
The tools are:
Archimedes
Assassin
AfterMidnight
To be honest, I'm not sure these tools are already available, but asking doesn't cost.
Thank you
Carlettus
At best you can try to see this: the hashes are available, but the document will describe what those are doing, and that probably helps in writing the YARA rules on keywords in dump files.
https://github.com/troydo42/CIAHackingTools?files=1
My comment above stands... whether they are true or not, if you are targeted I find it's easier the human approach than the tech approach... Just take the usual measures and you should be good to go... As for the hashes, a minor addition in the code and the hashes are different.
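The contrast raised in the comments above (a hash list versus keyword rules run over files and dumps), as an added Python example that is not part of the original thread. The keywords, sample bytes, rule names and function names are constructed placeholders, not real indicators or anyone's published rules.

```python
import hashlib
import io

# Constructed placeholder keywords (not real indicators); real ones would be
# taken from the published user guides.
RULES = {
    "example_tool_a": [b"EXAMPLE-IMPLANT-CONFIG", b"example_beacon_interval"],
    "example_tool_b": [b"ExampleListeningPost"],
}

def variants(keyword):
    """Lower-cased ASCII and UTF-16LE forms (cf. YARA's ascii/wide/nocase)."""
    low = keyword.lower()
    return (low, low.decode("ascii").encode("utf-16-le"))

def scan_stream(stream, rules=RULES, chunk_size=1 << 20):
    """Return (md5 hex digest, sorted names of rules with a keyword hit)."""
    needles = {n: [v for k in kws for v in variants(k)] for n, kws in rules.items()}
    # Keep a tail of the previous chunk so a keyword straddling two chunks is found.
    overlap = max(len(v) for vs in needles.values() for v in vs) - 1
    digest, hits, tail = hashlib.md5(), set(), b""
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        digest.update(chunk)
        window = tail + chunk.lower()
        hits.update(n for n, vs in needles.items() if any(v in window for v in vs))
        tail = window[-overlap:] if overlap else b""
    return digest.hexdigest(), sorted(hits)

# Constructed samples: a stand-in file, the same file with one byte appended,
# and a dump fragment holding a keyword as a wide (UTF-16LE) string.
SAMPLE = b"MZ" + b"\x00" * 40 + b"Example-Implant-Config" + b"\x00" * 20
REBUILT = SAMPLE + b"\x00"
WIDE_DUMP = b"\x00" * 9 + "ExampleListeningPost".encode("utf-16-le")
BLOCKLIST = {hashlib.md5(SAMPLE).hexdigest()}  # hash list built from SAMPLE only

def compare(data, chunk_size=1 << 20):
    """Return (hash-list hit?, keyword rule hits) for one blob."""
    md5, hits = scan_stream(io.BytesIO(data), chunk_size=chunk_size)
    return md5 in BLOCKLIST, hits

if __name__ == "__main__":
    for name, blob in [("sample", SAMPLE), ("rebuilt", REBUILT), ("dump", WIDE_DUMP)]:
        print(name, compare(blob))
```

Only the exact original bytes hit the hash list; the keyword rules still match the rebuilt copy and the wide-string dump fragment.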
ASKER
I would like to thank you for the advice on how to keep my network safe. I'll look for AMP as well.
Thank you.
Carlettus
ASKER
I'm not really sure but these two are links on the subject.
http://www.computerworld.com/article/3196987/security/wikileaks-posts-user-guides-for-cia-malware-implants-assassin-and-aftermidnight.html
https://wikileaks.org/vault7/#AfterMidnight
bye
Carlettus