Another WikiLeaks Exposure
Pandemic
Today, June 1st 2017, WikiLeaks publishes documents from
the "Pandemic" project of the CIA, a persistent implant for Microsoft
Windows machines that share files (programs) with remote users in a
local network. "Pandemic" targets remote users by replacing application
code on-the-fly with a trojaned version if the program is retrieved
from the infected machine. To obfuscate its activity, the original file
on the file server remains unchanged; it is only modified/replaced while
in transit from the pandemic file server before being executed on the
computer of the remote user. The implant allows the replacement of up to
20 programs with a maximum size of 800 MB for a selected list of remote
users (targets).
As the name suggests, a single computer on a local network with
shared drives that is infected with the "Pandemic" implant will act like
a "Patient Zero" in the spread of a disease. It will infect remote
computers if the user executes programs stored on the pandemic file
server. Although not explicitly stated in the documents, it seems
technically feasible that remote computers that provide file shares
themselves become new pandemic file servers on the local network to
reach new targets.
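The description above implies a defender's check: because the file on the server stays unchanged and only the copy delivered to a remote user differs, hashes taken locally on the file server can be compared with hashes of the same programs as read through the share from a client. The sketch below is an added example, not code from the leaked documents or from this post; the function names and the extension list are assumptions, and since replacement applies only to a selected list of remote users, the comparison has to be run from the client whose view is in question.

```python
import hashlib
import tempfile
from pathlib import Path

PROGRAM_SUFFIXES = {".exe", ".dll", ".msi"}  # assumption: file types worth checking

def sha256_of(path, chunk_size=1 << 20):
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(root):
    """Hash programs under root; run this locally on the file server."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.suffix.lower() in PROGRAM_SUFFIXES
    }

def compare_views(manifest, client_root):
    """Re-hash the same files through the share as mounted on a client."""
    client_root = Path(client_root)
    findings = []
    for rel, expected in sorted(manifest.items()):
        candidate = client_root / rel
        if not candidate.is_file():
            findings.append((rel, "missing"))
        elif sha256_of(candidate) != expected:
            findings.append((rel, "mismatch"))
    return findings

def demo():
    """Constructed sample: two temp directories stand in for the two views."""
    with tempfile.TemporaryDirectory() as server, tempfile.TemporaryDirectory() as client:
        for name, data in (("tools/setup.exe", b"original"), ("notes.txt", b"text")):
            for root in (server, client):
                target = Path(root) / name
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(data)
        manifest = build_manifest(server)
        clean = compare_views(manifest, client)
        (Path(client) / "tools/setup.exe").write_bytes(b"different bytes")
        return manifest, clean, compare_views(manifest, client)

if __name__ == "__main__":
    print(demo())
```

In practice the manifest would be written to a file on the server and carried to the client out of band, not over the share being checked.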
These are the files leaked by WikiLeaks:
Pandemic 1.1 (S/NF)
Pandemic 1.1-RC1 (S/NF)
Pandemic-1_0-S-NF
Pandemic 1.1-RC1--IVVRR_Checklist
Pandemic 1.0 -- IVVRR Checklist