Tuesday, February 11, 2014

WISTFULTOLL: NSA Exploit of the Day

Today's item from the NSA's Tailored Access Operations (TAO) group implant catalog:
WISTFULTOLL (TS//SI//REL) WISTFULTOLL is a UNITEDRAKE and STRAITBIZZARE plug-in used for harvesting and returning forensic information from a target using Windows Management Instrumentation (WMI) calls and Registry extractions.
(TS//SI//REL) This plug-in supports systems running Microsoft Windows 2000, 2003, and XP.
(TS//SI//REL) Through remote access or interdiction, WISTFULLTOLL is executed as either a UNITEDRAKE or STRAITBAZZARE plug-in or as a stand-alone executable. If used remotely, the extracted information is sent back to NSA through UNITEDRAKE or STRAITBAZZARE. Execution via interdiction may be accomplished by non-technical operator through use of a USB thumb drive, where extracted information will be saved to that thumb drive.
Status: Released / Deployed. Ready for Immediate Delivery
Unit Cost: $0
Note: Inconsistencies in spelling are all [sic].
Page, with graphics, is here. General information about TAO and the catalog is here.
