{"id":93304,"date":"2017-06-05T12:00:20","date_gmt":"2017-06-05T11:00:20","guid":{"rendered":"https:\/\/www.transcend.org\/tms\/?p=93304"},"modified":"2017-06-04T10:17:03","modified_gmt":"2017-06-04T09:17:03","slug":"vault-7-pandemic","status":"publish","type":"post","link":"https:\/\/www.transcend.org\/tms\/2017\/06\/vault-7-pandemic\/","title":{"rendered":"Vault 7: Pandemic"},"content":{"rendered":"<p style=\"padding-left: 30px;\"><a href=\"https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2017\/04\/wikileaks-logo.png\" ><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-thumbnail wp-image-90223\" src=\"https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2017\/04\/wikileaks-logo-150x150.png\" alt=\"\" width=\"150\" height=\"150\" \/><\/a>Today, June 1st 2017, WikiLeaks publishes documents from the &#8220;Pandemic&#8221; project of the CIA, a persistent implant for Microsoft Windows machines that share files (programs) with remote users in a local network. &#8220;Pandemic&#8221; targets remote users by replacing application code on-the-fly with a trojaned version if the program is retrieved from the infected machine. To obfuscate its activity, the original file on the file server remains unchanged; it is only modified\/replaced while in transit from the pandemic file server before being executed on the computer of the remote user. The implant allows the replacement of up to 20 programs with a maximum size of 800 MB for a selected list of remote users (targets).<\/p>\n<p>As the name suggests, a single computer on a local network with shared drives that is infected with the &#8220;Pandemic&#8221; implant will act like a &#8220;Patient Zero&#8221; in the spread of a disease. It will infect remote computers if the user executes programs stored on the pandemic file server. Although not explicitly stated in the documents, it seems technically feasible that remote computers that provide file shares themselves become new pandemic file servers on the local network to reach new targets.<a href=\"https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2017\/04\/logo@400-nsa.png\" ><img loading=\"lazy\" decoding=\"async\" class=\"alignright wp-image-90672 size-medium\" src=\"https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2017\/04\/logo@400-nsa-300x212.png\" alt=\"\" width=\"300\" height=\"212\" srcset=\"https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2017\/04\/logo@400-nsa-300x212.png 300w, https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2017\/04\/logo@400-nsa.png 399w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<h2 style=\"padding-left: 30px;\">Leaked Documents:<\/h2>\n<p style=\"padding-left: 30px;\"><a target=\"_blank\" href=\"https:\/\/wikileaks.org\/vault7\/document\/Pandemic-1_1-S-NF\/\" >Pandemic 1.1 (S\/NF) <\/a><\/p>\n<p style=\"padding-left: 30px;\"><a target=\"_blank\" href=\"https:\/\/wikileaks.org\/vault7\/document\/RC1-doc-Pandemic-1_1-S-NF\/\" >Pandemic 1.1-RC1 (S\/NF) <\/a><\/p>\n<p style=\"padding-left: 30px;\"><a target=\"_blank\" href=\"https:\/\/wikileaks.org\/vault7\/document\/RC1-doc-IVVRR_Checklist_Pandemic1_1\/\" >Pandemic 1.1-RC1 &#8212; IVVRR Checklist <\/a><\/p>\n<p style=\"padding-left: 30px;\"><a target=\"_blank\" href=\"https:\/\/wikileaks.org\/vault7\/document\/Pandemic-1_0-S-NF\/\" >Pandemic 1.0 (S\/NF) <\/a><\/p>\n<p style=\"padding-left: 30px;\"><a target=\"_blank\" href=\"https:\/\/wikileaks.org\/vault7\/document\/IVVRR_Checklist_Pandemic_1_0\/\" >Pandemic 1.0 &#8212; IVVRR Checklist <\/a><\/p>\n<p>____________________________________________<\/p>\n<p><strong><em>All Releases:<\/em><\/strong><\/p>\n<p><em><a href=\"https:\/\/www.transcend.org\/tms\/2017\/05\/vault-7-athena\/\" >Vault 7: Athena<\/a> \u2013 19 May 2017<\/em><\/p>\n<p><em><a href=\"https:\/\/www.transcend.org\/tms\/2017\/05\/aftermidnight-assassin-frameworks\/\" >Vault 7: AfterMidnight &amp; Assassin Frameworks<\/a> \u2013 12 May 2017<\/em><\/p>\n<p><em><a href=\"https:\/\/www.transcend.org\/tms\/2017\/05\/vault-7-archimedes\/\" >Vault 7: Archimedes \u2013<\/a> 5 May 2017<\/em><\/p>\n<p><em><a href=\"https:\/\/www.transcend.org\/tms\/2017\/05\/vault-7-scribbles-project\/\" >Vault 7: Scribbles Project<\/a> \u2013 28 Apr 2017<\/em><\/p>\n<p><em><a href=\"https:\/\/www.transcend.org\/tms\/2017\/04\/vault-7-weeping-angel\/\" >Vault 7: Weeping Angel<\/a> \u2013 21 Apr 2017<\/em><\/p>\n<p><em><a href=\"https:\/\/www.transcend.org\/tms\/2017\/04\/vault-7-hive-project\/\" >Vault 7: Hive Project<\/a> \u2013 14 Apr 2017<\/em><\/p>\n<p><em><a href=\"https:\/\/www.transcend.org\/tms\/2017\/04\/grasshopper\/\" >Vault 7: Grasshopper Framework<\/a> \u2013 7 Apr 2017<\/em><\/p>\n<p><em><a href=\"https:\/\/www.transcend.org\/tms\/2017\/04\/marble-framework\/\" >Vault 7: Marble Framework<\/a> \u2013 31 Mar 2017<\/em><\/p>\n<p><em><a href=\"https:\/\/www.transcend.org\/tms\/2017\/04\/dark-matter\/\" >Vault 7: Project Dark Matter<\/a> \u2013 23 Mar 2017<\/em><\/p>\n<p><em><a href=\"https:\/\/www.transcend.org\/tms\/2017\/03\/vault-7-cia-hacking-tools-revealed\/\" >Vault 7: CIA Hacking Tools Revealed<\/a> \u2013 7 Mar 2017<\/em><\/p>\n<p><a target=\"_blank\" href=\"https:\/\/wikileaks.org\/vault7\/#Pandemic\" >Go to Original \u2013 wikileaks.org<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Today, June 1st 2017, WikiLeaks publishes documents from the &#8220;Pandemic&#8221; project of the CIA, a persistent implant for Microsoft Windows machines that share files (programs) with remote users in a local network. &#8220;Pandemic&#8221; targets remote users by replacing application code on-the-fly with a trojaned version if the program is retrieved from the infected machine.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[60],"tags":[],"class_list":["post-93304","post","type-post","status-publish","format-standard","hentry","category-whistleblowing-surveillance"],"_links":{"self":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/posts\/93304","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/comments?post=93304"}],"version-history":[{"count":0,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/posts\/93304\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/media?parent=93304"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/categories?post=93304"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/tags?post=93304"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}