New CIA Cyberweapon Malware “Pandemic” installed in Victims MachineDefensive Cyber Security

Begin Learning Cyber Security for FREE Now!

Already a Member Login Here

Home Forums Cyber Security Defensive Cyber Security New CIA Cyberweapon Malware “Pandemic” installed in Victims Machine

This topic contains 7 replies, has 6 voices, and was last updated by  shahidmscs 1 year, 7 months ago.

Viewing 8 posts - 1 through 8 (of 8 total)
  • Author
  • #93852


    One of the CIA Cyberweapon Called “Pandemic” Document Leaked by Vault 7 Projects of WikiLeaks.This Malware tool Specifically interact and run as kernel shellcode to install File system Driver.
    This Malware will the attack the Victim Machine if user accesses the file via SMB, the Payload files will be Replaced to the Actual Target file .This Function will work in Read-only Mode.
    Already Released CIA cyberweapon’s DoublePulsar and MicroBotMassiveNet having some Sophisticated Futures and also affected by same SMB.

    “Pandemic” Malware’s Actual Goal is to be installed in Victims Machine when the Victims remote users use SMB to download/execute PE files.

    According the Leaked CIA’s “Pandemic” Secret Document, It won’t make sense and it will not replace the Target file if the file is opened on the machine Where Pandemic is running on.

    Pandemic Leads to Unchanged the File But Replaced
    While “Pandemic” entered into the Victims Machine when user accesses the file via SMB,it will not do any physical Changes in the Target Files.
    According to leaked Source of Vault 7 ,Users that are targeted by Pandemic, and use SMB to download the targeted file, will receive the ‘replacement’ file.
    “Pandemic” can operate both 32 and 64 bit .CONOP(Concept of Operation) done by the CIA ,version 1.0 can works only on 64 bit targets.
    A “Pandemic” Tool ability to Replace up to 20 files by using the Latest version of Pandemic 1.0.

    File Information of “Pandemic”
    First version (1.0) of the “Pandemic” Developed on17 April, 2014 by Engineering Development Group of CIA and the versions has been updated on16 January 2015 with some extra capability including Replaced files up to 20 in victims machines.
    Files Executable and DLL looks like Pandemic_Builder.exe, Control.dll
    According to the Leaked Sources File Registry access by “Pandemic” Performs like below

    “S//NF) Pandemic registers a minifilter driver using Windows’ Flt* functions. As a result, FltMgr requires that all drivers registering as minifilters contain certain registry keys. Pandemic uses the ‘Null’ service key (on all Windows systems) as its own driver service key. Pandemic will create 2 sub keys and 3 values under the ‘Null’ service key in the registry. These values and sub keys are deleted when Pandemic is uninstalled at the end of its configured run timer, or when it is uninstalled via a special F&F (v2) DLL.These keys will NOT//NOT be deleted if the system is rebooted before the aforementioned scenarios occur”
    you can Access full Leaked Document of CIA cyber weapon of Pandemic in WikiLeaks.

    • This topic was modified 2 years, 5 months ago by  niraj21.


    Hi everyone
    I hope all is good, I am here to talk on behalf of my professional hacker who are is ethical in his field of profession and 6 years now since we have been working together. I want to let you people know that if you need the service of a professional hacker who can help you fix any form of problem you need solutions you can contact him via email address : goodluck



    Thanks a lot for the info…






    Thanks for sharing.






    Thanks for sharing!



    is there any body who can help in config and way of working of Pandemic, and how to make Pandemic_Builder

Viewing 8 posts - 1 through 8 (of 8 total)

You must be logged in to reply to this topic.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge


We recommend always using caution when following any link

Are you sure you want to continue?