A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #30219  by R136a1
 Mon Apr 10, 2017 7:19 pm
Hi folks,

Symantec published an article about a group they named Longhorn whose tools match the descriptions of the Vault 7 documents leaked by Wikileaks, allegedly the CIA hacking tools arsenal. In the article, they also published the signature names of some tools of which some can be found on Virustotal.

Blogpost: https://www.symantec.com/connect/blogs/ ... ed-vault-7

Backdoor.Plexor:
https://virustotal.com/en/file/6f03586b ... /analysis/
https://virustotal.com/en/file/425bbe70 ... /analysis/
https://virustotal.com/en/file/2156adca ... /analysis/

Backdoor.Trojan.LH1:
https://virustotal.com/en/file/21f72733 ... /analysis/
https://virustotal.com/en/file/e7591998 ... /analysis/

One of the samples is detected as Duqu by Microsoft...

Files attached.
Attachments
PW: infected
(866.99 KiB) Downloaded 132 times