
Vault 7 - intelligence hacking tools



Vault 7:
Vault 7 is the series of leaks published by WikiLeaks on the U.S. Central Intelligence Agency (CIA), the largest ever disclosure of confidential documents on the agency.
WikiLeaks titled the first release 'Year Zero'. According to WikiLeaks, the CIA has lost control of its hacking arsenal, which includes malware, trojans, viruses and weaponized 'zero day' exploits. The archive is extremely valuable to anyone who knows how to use it: whoever holds it gains much of the CIA's hacking capability.

The CIA has been building not only capable spies and agents but also a fleet of hackers who appear to operate everywhere in the world. The agency has not commented on the leaks; doing so would amount to acknowledging a controversial hacking arsenal that rivals the NSA's.

VAULT 7: part one - CIA hacking tools ('Year Zero')

The CIA's hacking tools are developed by the EDG (Engineering Development Group), a software development group within the CIA.

One attack targeted Samsung smart TVs and was developed in cooperation with the UK's MI5. The implant, known as 'Weeping Angel', puts the TV into a 'Fake-Off' mode so that the owner believes the set is switched off; in Fake-Off mode the TV acts as a bug, recording conversations in the room and sending them over the internet to the CIA.

CIA malware targets Windows, OS X and Linux:

A large part of the leaked documents concern iPhones, Macs and iOS (the operating system iPhones run), because these devices are popular among politicians, business leaders and social elites.
The CIA also devotes considerable effort to Microsoft Windows users, with malware such as "Hammer Drill", which infects software distributed on CDs and DVDs, tools that hide data inside image files, and tools to keep its malware infestations going.

Avoiding forensics and anti-virus:

All CIA malware is designed so that it is not caught by cyber-forensics tools or by anti-virus products such as AVG, Avira or Norton, and so that it leaves no trail connecting it to the CIA.
To achieve this, the developers follow a list of do's and don'ts when writing the malware, and they use encryption to protect the communication between operators and the data exchanged between implants and cache servers. Note that encryption hides the content of that traffic, not its existence: the connections themselves remain visible to a network defender.

Examples of CIA malware, trojans and viruses:

HIVE:

HIVE is a multi-platform CIA malware suite together with its associated control software. The project provides customizable implants for Windows, Solaris, MikroTik (used in internet routers) and Linux.
Once installed on a computer or server, an implant gives operators a platform on which customized modules can run tasks and send back their data without the user's awareness.
The implants are configured to communicate over HTTPS with the web server of a cover domain, so that their traffic blends in with ordinary encrypted web traffic.
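Because HIVE hides its traffic inside HTTPS to an innocuous-looking cover domain, the payload is unreadable to a network defender; what remains observable is the timing and shape of the connections. The following is an added example, not code from the leak or from any CIA tooling, showing one practical check a defender can run: parse constructed web-proxy log lines and flag a client that contacts the same host at near-regular intervals (a beacon pattern). The log format, hostnames, IP addresses and thresholds are all assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log (not real traffic). Format assumed for the example:
# "timestamp src_ip dst_host bytes". One malformed line is included on purpose.
SAMPLE_LOG = """\
2017-03-07T10:00:00 10.0.0.5 updates.example-cdn.net 1432
2017-03-07T10:00:03 10.0.0.5 www.news-site.example 58211
2017-03-07T10:05:01 10.0.0.5 updates.example-cdn.net 1440
2017-03-07T10:07:40 10.0.0.5 mail.example.org 9120
2017-03-07T10:10:00 10.0.0.5 updates.example-cdn.net 1431
2017-03-07T10:15:02 10.0.0.5 updates.example-cdn.net 1436
2017-03-07T10:16:13 10.0.0.5 www.news-site.example 71002
# proxy restarted - malformed line that the parser must skip
2017-03-07T10:20:01 10.0.0.5 updates.example-cdn.net 1439
2017-03-07T10:25:00 10.0.0.5 updates.example-cdn.net 1433
2017-03-07T10:01:10 10.0.0.9 www.news-site.example 60412
2017-03-07T10:22:45 10.0.0.9 www.news-site.example 58120
2017-03-07T10:49:03 10.0.0.9 www.news-site.example 63310
2017-03-07T11:30:12 10.0.0.9 www.news-site.example 59001
"""

LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\d+)$")


def parse_log(text):
    """Parse log lines into (timestamp, src, dst, bytes) tuples.

    Lines that do not match the expected format are skipped rather than
    aborting the whole run, since real proxy logs contain noise.
    """
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.fromisoformat(m.group(1))
        events.append((ts, m.group(2), m.group(3), int(m.group(4))))
    return events


def find_beacons(events, min_connections=4, max_jitter=0.1):
    """Return {(src, dst): (mean_interval_seconds, jitter)} for client/host
    pairs whose contact intervals are almost constant.

    Jitter is the coefficient of variation (population stddev / mean) of the
    inter-arrival times. Human browsing is bursty and irregular; a scheduled
    callback is not. Both thresholds are assumptions to tune per environment:
    real implants often add random sleep, so max_jitter may need to be raised.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, _ in events:
        by_pair[(src, dst)].append(ts)

    hits = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_connections:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # duplicate timestamps; nothing to measure
        jitter = pstdev(gaps) / avg
        if jitter <= max_jitter:
            hits[pair] = (round(avg), round(jitter, 4))
    return hits


if __name__ == "__main__":
    for (src, dst), (interval, jitter) in find_beacons(parse_log(SAMPLE_LOG)).items():
        print(f"possible beacon: {src} -> {dst} every ~{interval}s (jitter {jitter})")
```

On the constructed sample, 10.0.0.5 contacting updates.example-cdn.net every five minutes is flagged, while the second client's irregular visits to the news site are not. In practice this check is combined with other signals the same log gives for free, such as near-identical request sizes on every callback, a newly registered or rarely seen destination domain, and callbacks continuing outside working hours.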

UMBRAGE:

The CIA does not only write its own malware; it also reuses techniques taken from other hackers' and agencies' programs, so that forensic analysis may connect an attack to those criminals or agencies instead of to the CIA. The CIA's Remote Devices Branch's UMBRAGE group collects and maintains a substantial library of attack techniques 'stolen' from malware produced in other states, including the Russian Federation. UMBRAGE components cover keyloggers, password collection, webcam capture, data destruction, persistence, privilege escalation, stealth, anti-virus (PSP) avoidance and survey techniques. For defenders this is a reminder that shared code or techniques alone are weak evidence for attribution.


Improvise (JQJIMPROVISE):

'Improvise' is a toolset for configuration, post-processing, payload setup and execution vector selection for survey/exfiltration tools supporting all major operating systems: Windows (Bartender), MacOS (JukeBox) and Linux (DanceFloor). Its configuration utilities, such as Margarita, allow the NOC (Network Operation Center) to customize tools based on requirements from 'Fine Dining' questionnaires.

RickyBobby:

RickyBobby is a lightweight implant for target computers running newer versions of Microsoft Windows and Windows Server. The RickyBobby implant enables COG operators to upload and download files and execute commands and executables on the target computer without being detected as malicious software by personal security products (PSPs).




FLASH BANG:


Flash Bang is a tool designed to migrate out of a browser process (using a sandbox breakout), escalate privileges, and load a NOD Persistence Spec DLL directly from memory, so that the persistent component never has to be written to disk.


Reference: wikileaks.org (Vault 7 releases)