Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

SECRET//NOFORN
(S//NF) Two different remote users that share the same machine (does not apply
to VMs on the same machine), but log into the Pandemic machine using different
user accounts (different SIDs) could cause targeting issues. If user account A on
the remote machine is targeted, but user account B on the same machine is not,
then the following issue can occur:

- User A is running WinHex.exe, the targeted application, directly from the
  Pandemic File Server (PFS). User A really is running a Trojan'd copy of
  WinHex.exe. User B logs into the PFS and also directly executes
  WinHex.exe. User B, while not targeted, will still receive the Trojan'd
  WinHex.exe. This is because the machine that User A and User B share is
  caching the file.

The following scenarios will not//not trigger the issue:

- User A is running WinHex.exe, the targeted application, directly from the
  Pandemic File Server (PFS). User A really is running a Trojan'd copy of
  WinHex.exe. User A is running off a VM on the remote machine. User B
  then gets on the remote machine and logs into the PFS using a separate VM,
  or the machine itself. User B will get the correct version of WinHex.exe.
- User A and User B are on different remote systems.
- User A is running the Trojan'd WinHex.exe. User B then gets on the same
  machine, and downloads WinHex.exe from the PFS to the local machine
  before executing the local copy. User B will get the correct copy of
  WinHex.exe.
