Saturday 3 June 2017

Wikileaks Vault 7 Releases New CIA Tool 'Pandemic'

The latest Wikileaks Vault 7 release is Pandemic, which serves as a persistent implant for Microsoft Windows file servers and can be accessed remotely to run programs.

  • The project acts as Patient Zero.
  • It gives remote access to a Windows machine.
  • This tool can delete your data and upload malicious software.
  • Pandemic can replace up to 20 programs with a maximum size of 800 MB.
  • According to the documentation, its installation takes between 10 and 15 seconds.

Today, June 1st 2017, WikiLeaks publishes documents from the "Pandemic" project of the CIA, a persistent implant for Microsoft Windows machines that share files (programs) with remote users in a local network. "Pandemic" targets remote users by replacing application code on-the-fly with a trojaned version if the program is retrieved from the infected machine.

To obfuscate its activity, the original file on the file server remains unchanged; it is only modified/replaced while in transit from the pandemic file server before being executed on the computer of the remote user. The implant allows the replacement of up to 20 programs with a maximum size of 800 MB for a selected list of remote users (targets).

As the name suggests, a single computer on a local network with shared drives that is infected with the "Pandemic" implant will act like a "Patient Zero" in the spread of a disease. It will infect remote computers if the user executes programs stored on the pandemic file server. Although not explicitly stated in the documents, it seems technically feasible that remote computers that provide file shares themselves become new pandemic file servers on the local network to reach new targets.
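Because the file on the server's disk stays unchanged while the copy delivered over the share differs, a defender can hash the shared programs locally on the server and again as a client retrieves them, then compare the two views. The Python below is an added example, not part of the original post or the leaked documents; the directory names and demo files are constructed, and it assumes that a plain read over the share returns the same bytes a user would execute.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA-256 so large binaries are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def build_manifest(local_root):
    """Run ON the file server against the local disk path of the share."""
    root = Path(local_root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def compare_views(manifest, share_root):
    """Run FROM a client against the share (e.g. a UNC path) as that user sees it."""
    findings = []
    root = Path(share_root)
    for rel, expected in sorted(manifest.items()):
        seen = root / rel
        if not seen.is_file():
            findings.append((rel, "missing"))
        elif sha256_file(seen) != expected:
            findings.append((rel, "mismatch"))  # bytes differ from on-disk copy
    return findings

def demo():
    """Constructed data: two temp dirs stand in for server disk and client view."""
    with tempfile.TemporaryDirectory() as tmp:
        disk, view = Path(tmp, "server_disk"), Path(tmp, "client_view")
        for d in (disk / "tools", view / "tools"):
            d.mkdir(parents=True)
        (disk / "tools" / "setup.exe").write_bytes(b"original build")
        (disk / "tools" / "viewer.exe").write_bytes(b"viewer build")
        (disk / "readme.txt").write_bytes(b"notes")
        # The client receives different bytes for one program; one file is absent.
        (view / "tools" / "setup.exe").write_bytes(b"altered in transit")
        (view / "tools" / "viewer.exe").write_bytes(b"viewer build")
        return compare_views(build_manifest(disk), view)

if __name__ == "__main__":
    for rel, status in demo():
        print(f"{status:8} {rel}")
```

Since the replacement applies only to a selected list of remote users, a clean comparison from one client does not clear the others; repeat it from each client whose view matters.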

On 19th May, Wikileaks published documents from the Athena project of the CIA. The related "Hera" system provides remote beacon and loader capabilities on target computers running the Microsoft Windows operating system (from Windows XP to Windows 10).

Once installed, the malware provides a beaconing capability (including configuration and task handling), the memory loading/unloading of malicious payloads for specific tasks and the delivery and retrieval of files to/from a specified directory on the target system. It allows the operator to configure settings during runtime (while the implant is on target) to customize it to an operation.

So far, Wikileaks has released 10 tools under the Vault 7 series.

