
Angelfire

Product
Developers: Central Intelligence Agency (CIA)

At the end of August 2017, the WikiLeaks website published a new batch of documents describing malicious software developed by the CIA. This time the subject is the Angelfire project, a specialized software environment intended for infecting Windows-based computers.[1]

According to the published user guide, Angelfire consists of five different components, each with its own role:

1. Solartime is malware that modifies the Windows boot sector, opening the system to the second component, Wolfcreek.
2. Wolfcreek is a self-loading driver that can then load other drivers and applications.
3. Keystone is the component responsible for launching other "implants" (the term the technical documents use for the malware from this point on).
4. BadMFS is a hidden file system created at the end of the active disk partition. Angelfire uses BadMFS to store its other components. All files are encrypted and disguised by obfuscation.
5. Windows Transitory File System is a newer component, an alternative to BadMFS. Instead of storing files in the hidden file system, this component uses temporary files for data storage.

According to the published documentation, Angelfire runs on 32- and 64-bit versions of Windows XP and Windows 7, and on 64-bit versions of Windows Server 2008 R2.

Interestingly, unlike many other CIA hacking tools, Angelfire looks rather "raw". The documents list a number of unresolved problems with it. For example, it is known that antivirus solutions can detect the presence of BadMFS by a file named zf. In addition, if one of the Angelfire components crashes, a window with information about the crash is displayed to the user.

It is also known that the Keystone process is always displayed as C:\Windows\system32\svchost.exe, even when Windows is installed on a different logical disk partition, for example D.
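The two detection hints above (a file named zf, and a process whose displayed path is the hard-coded C:\Windows\system32\svchost.exe even when the real system root is on another partition) can be turned into a simple triage check. The following is an added example written for this page; it is not code from the WikiLeaks documents, from the CIA tools, or from TAdviser. It assumes the defender already has an inventory of running processes and a file listing (here constructed inline as sample data); the location of the zf file is not given in the article, so the helper matches on the file name only.

```python
"""
Added example: apply the two Angelfire indicators described in the article
(path mismatch for the Keystone process, and a file named 'zf') to sample
inventory data. Assumed input shapes: a list of process dicts with 'pid' and
'image_path', and a list of file path strings. Sample data is constructed.
"""
from pathlib import PureWindowsPath
from typing import Dict, Iterable, List

# The path the article says Keystone always reports, regardless of where
# Windows actually lives.
CLAIMED_SVCHOST = PureWindowsPath(r"C:\Windows\system32\svchost.exe")

# Constructed sample process inventory (hypothetical PIDs and paths).
SAMPLE_PROCESSES: List[Dict[str, object]] = [
    {"pid": 4, "image_path": r"D:\Windows\system32\services.exe"},
    {"pid": 812, "image_path": r"D:\Windows\system32\svchost.exe"},
    {"pid": 1234, "image_path": r"C:\Windows\system32\svchost.exe"},  # suspicious on a D: install
    {"pid": 2048, "image_path": r"D:\Program Files\Editor\editor.exe"},
]

# Constructed sample file listing (hypothetical locations).
SAMPLE_FILES: List[str] = [
    r"D:\Windows\system32\drivers\etc\hosts",
    r"D:\Users\alice\Documents\report.docx",
    r"D:\Windows\Temp\zf",
    r"D:\Windows\Temp\zfsetup.log",
]


def find_svchost_path_mismatches(processes: Iterable[Dict[str, object]],
                                 system_root: str) -> List[int]:
    """Return PIDs of processes that claim the hard-coded C:\\Windows path
    while the real SystemRoot is elsewhere (e.g. D:\\Windows).

    On a normal C: install the claimed path is genuine, so nothing is flagged;
    the indicator only means something when SystemRoot is not on C:.
    PureWindowsPath compares case-insensitively, matching Windows semantics.
    """
    expected = PureWindowsPath(system_root) / "system32" / "svchost.exe"
    if expected == CLAIMED_SVCHOST:
        return []
    return [
        int(p["pid"])
        for p in processes
        if PureWindowsPath(str(p["image_path"])) == CLAIMED_SVCHOST
    ]


def find_zf_files(paths: Iterable[str]) -> List[str]:
    """Return paths whose file name is exactly 'zf' (case-insensitive).

    The article only gives the name, not the location, so no directory
    filtering is applied; 'zfsetup.log' and similar names do not match.
    """
    return [p for p in paths if PureWindowsPath(p).name.lower() == "zf"]


def triage(processes: Iterable[Dict[str, object]], paths: Iterable[str],
           system_root: str) -> Dict[str, object]:
    """Combine both indicators into one report dict for an analyst."""
    return {
        "svchost_path_mismatch_pids": find_svchost_path_mismatches(processes, system_root),
        "zf_files": find_zf_files(paths),
    }


if __name__ == "__main__":
    # Constructed scenario: Windows is installed on D:, as in the article's example.
    report = triage(SAMPLE_PROCESSES, SAMPLE_FILES, r"D:\Windows")
    for key, value in report.items():
        print(f"{key}: {value}")
```

Both indicators are weak on their own (a file named zf could be legitimate, and a C: path is normal on a C: install), so the report is meant as a starting point for manual review rather than a verdict.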

Such tools are ordinarily developed for a specific purpose and only then put into serial use — believes Georgy Lagoda, CEO of SEC Consult Services. — Perhaps Angelfire was never polished because the need for it quickly disappeared.

This is already the 19th WikiLeaks publication devoted to CIA tools within the Vault 7 campaign, and most likely not the last.

Notes