Skip to main content

Posts

Showing posts with the label magistr

Wikileaks Malware Analysis Continued

Yesterday I released a blog post in which I explained that at least one Wikileaks property, wlstorage.net, is distributing a series of malicious program s as part of a torrent file dump related to the Global Intelligence Files retrieved from Stratfor by Jeremy Hammond and several others. I am slowly going through the malicious files in order to better understand what they are attempting to do. The work primarily involves extracting Visual Basic macros and OBE structures from documents, disassembling executables that are thus scraped from the payload document. Even for files using well documented exploits, as many of these files are, this is slow-going and tedious work that I invite readers experienced in security research to contact me about to offer assistance. One such executable retrieved from the Stratfor files is gifiles-2014\gifiles\attach\151\151784_Command.com . As with the files reviewed yesterday, this was retrieved from the  gifiles-2014.tar.gz.torrent file downloaded fr