Portalsix Issue #12: AZTECTOMB32 DMW Install and ESH Package
Oct. 20, 2017
DYNAMIC PAGE - HIGHEST POSSIBLE CLASSIFICATION IS
TOP SECRET//COMINT//REL TO USA, FVEY
(TS//SI//REL) ROC CT MAC NSAW DMW QUEUE
Issue #12: (TS//SI//REL) AZTECTOMB32 DMW Install and ESH Package
8 months ago by
at 18:10, 13 Feb 2012
(TS//SI//REL) Please create a DEMENTIAWHEEL install for AZTECTOMB32 (Has a UR and VAL ID is 610104408). Target is Win 7 32-bit running PSP Kaspersky 2010.
Once DEMENTIAWHEEL is installed, please build a 12:3:1 ESH package (84 total possible infections) for deployment with AZTECTOMB32. Please make sure all USBs that are seen will be infected. Details:
ESH payload: DEMENTIAWHEEL (Version based off your install), VALIDATOR (32 and 64-bit)
VALIDATOR settings: LP: 50
Project Name: AZTECTOMB
32 and 64 bit VALIDATORs
Callback frequency: 1 hour
DEMENTIAWHEEL settings:
airgapLogFlag = 1
copyAirgapExfilToDiskFlag = 1
Details
Submitted by:
Owners:
Status: closed
Priority: high
Tags:
(U) Starting Build
8 months ago by
at 11:33, 23 Feb 2012
(TS) Took ticket, the PSP is still unevaluated, awaiting testing. Had to change from 12:3:1 ESH to 10:3:1 because of ESH limitation.
Updates
• Status changed from "new" to "accepted"
(U) Built
8 months ago by
at 11:36, 23 Feb 2012
(TS//SI//REL) Building complete and in
Awaiting PSP testing and evaluation from lrivera.
Updates
• Status changed from "accepted" to "configured/awaiting testing"
(U) On Hold
8 months ago by
at 14:53, 27 Feb 2012
(TS//SI//REL) The new guidance per ROC MD's and PSP Platform Champion is "NO NEW IMPLANTS ON KASPERSKY 2010+."
This is because Kaspersky 2010+ products have been updated to include the cloud functionality. Until the work around is fixed then nothing can be implanted on them. Any existing implants are ok to continue collection from, but no new installations!
This means for this project, DMW and ESH is a NO GO!
Sorry.
The following link is the PSP advisory from PORTALSIX:
Updates
• Status changed from "configured/awaiting testing" to "on hold"
(U) Closed
6 months ago by
at 13:33, 18 Apr 2012
(TS//SI//REL) Closed due to PSP, per analyst
Updates
• Status changed from "on hold" to "closed"
Content Steward: (S//SI//REL)
Page Publisher: (U//FOUO)
Derived From: NSA/CSSM 1-52
Dated: 20070108
Declassify On: 20320108
An Innovations Working Group Project.