Pierluigi Paganini July 19, 2017

“This report is a fairly high-level overview of Regin, a very sophisticated malware sample that has been observed in operation since 2013. There are some indications that the malware has been in use since as early as 2008, but most agree that the current iteration of Regin dates to about 2013.”  states the report. “Regin appears to be focused on target surveillance and data collection. The most striking aspect of Regin is its modular architecture, which affords a high degree of flexibility and tailoring of attack capabilities to specific targets. Another impressive aspect of Regin is its stealthiness, its ability to hide itself from discovery and portions of the attack are memoryresident only.”

Report 4 — The report details the “HammerToss” malware which was discovered in early 2015.  The HammerToss is believed to be malicious code developed by Russian State-sponsored hackers that were being operational since late 2014.
“HammerToss is an interesting piece of malware because of its architecture, which leverages Twitter accounts, GitHub or compromised websites, basic steganography, and Cloud-storage to orchestrate command and control (C2) functions of the attack.” states the report.

Report 5 — This document details the self-code injection and API hooking methods of information stealing Trojan called “Gamker.”

“This report details the code injection and API hooking methods of an information
stealing Trojan known as Gamker. This August 2015 three-page report from Virus Bulletin contains more technical detail than many 30+ page reports from other sources. We recommend continued review of Virus Bulletin reports going forward.” states the report.

Below the list of release published by Wikileaks since March:

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs –  Wikileaks,  UCL RAYTHEON)

[adrotate banner=”13″]