Newly discovered NSA malware is really cool
| Big purple principal's office masturbator | 03/16/18 | | Big purple principal's office masturbator | 03/17/18 | | Thirsty demanding senate stock car | 03/17/18 | | Deranged boistinker | 03/17/18 | | Charismatic embarrassed to the bone striped hyena dilemma | 03/17/18 |
Poast new message in this thread
|
Date: March 17th, 2018 7:22 PM Author: Big purple principal's office masturbator
Following infection, Slingshot would load a number of modules onto the victim device, including two huge and powerful ones: Cahnadr, the kernel mode module, and GollumApp, a user mode module. The two modules are connected and able to support each other in information gathering, persistence and data exfiltration.
The most sophisticated module is GollumApp. This contains nearly 1,500 user-code functions and provides most of the above described routines for persistence, file system control and C&C communications.
Canhadr, also known as NDriver, contains low-level routines for network, IO operations and so on. Its kernel-mode program is able to execute malicious code without crashing the whole file system or causing Blue Screen - a remarkable achievement. Written in pure C language, Canhadr/Ndriver provides full access to the hard drive and operating memory despite device security restrictions, and carries out integrity control of various system components to avoid debugging and security detection.
(http://www.autoadmit.com/thread.php?thread_id=3920865&forum_id=1024#35627900) |
|
|