MSU KB files in WikiLeaks Vault-7


Posted (edited)

I'm decrypting the WikiLeaks Vault-7 file released last night, and I'm seeing a bunch of MS .MSU files inside this 500 MB archive. I'm not sure what this means or why they're there. These are somehow related to the CIA and their ability to hack various platforms, phones, and OSes.



 

Edited by Nomen

Posted

These are the files:

IE10-Windows6.1-KB3032359-x64.msu
IE9-Windows6.1-KB3032359-x64.msu
Windows6.1-KB3000483-x64.msu
Windows6.1-KB3004361-x64.msu
Windows6.1-KB3013455-x64.msu
Windows6.1-KB3019215-x64.msu
Windows6.1-KB3019978-x64.msu
Windows6.1-KB3020387-x64.msu
Windows6.1-KB3020388-x64.msu
Windows6.1-KB3020393-x64.msu
Windows6.1-KB3021674-x64.msu
Windows6.1-KB3022777-x64.msu
Windows6.1-KB3023562-x64.msu
Windows6.1-KB3029944-x64.msu
Windows6.1-KB3030377-x64.msu
Windows6.1-KB3031432-x64.msu
Windows6.1-KB3032323-x64.msu
Windows6.1-KB3032359-x64.msu
Windows6.1-KB3033889-x64.msu
Windows6.1-KB3034344-x64.msu
Windows6.1-KB3035017-x64.msu
Windows6.1-KB3035126-x64.msu
Windows6.1-KB3035131-x64.msu
Windows6.1-KB3035132-x64.msu
Windows6.1-KB3036493-x64.msu
Windows6.1-KB3039066-x64.msu
Windows6.1-KB3046049-x64.msu

(wasn't sure if I should post this thread to the win-7 forum or here, since I think a lot of the same people would be interested in this no matter where it's posted)

 

Posted

I've uploaded maybe 6 or 7 of these .msu files to VT and all but one of them tested positive for W32.Virus.Jeefo.Gen as detected by the "Webroot" AV program. All other AV programs detected nothing.

Posted

None of the MSU/KB files have the hash value in the file name? I wonder if you could find other versions of the MSU file to compare the contents against. You should also have VT test those other ones as well, even a known "good" one from the update catalog. It may just be a quirk of detection, like how some AV programs will detect anything packed with UPX as being a virus.

Posted

Over the past day or two I've downloaded all these same .MSU files from MS and they do compare (byte-for-byte) with the files in the WikiLeaks Vault-7 archive. I don't know if there's a master document that's part of this archive that explains the layout of the archive, what certain files are, their relevance or meaning, etc. The significance of why those particular MSU files are there remains unknown.
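
The comparison described in the last post, as an added example that is not part of the original thread: it checks every .msu in an archive folder against a separately downloaded copy and, where the reference filename carries a hash, verifies the reference against that hash first. It assumes Update Catalog downloads are named <name>_<SHA-1>.msu; the function names, folder layout and the KB0000001 sample file are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Assumption: catalog names end in _<40 hex>.msu, the hex being the file's SHA-1.
CATALOG_NAME = re.compile(r"^(?P<base>.+)_(?P<sha1>[0-9a-f]{40})\.msu$", re.I)


def file_digest(path, algo="sha256", chunk=1 << 20):
    """Hash a file in chunks so large packages are not read into memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def compare_msu(archive_dir, reference_dir):
    """Map each .msu in archive_dir to a verdict against reference_dir."""
    refs = {}
    for ref in Path(reference_dir).glob("*.msu"):
        m = CATALOG_NAME.match(ref.name)
        base = (m["base"] if m else ref.stem).lower()
        # A reference whose name carries a hash must match that hash first.
        trusted = m is None or file_digest(ref, "sha1") == m["sha1"].lower()
        refs[base] = (ref, trusted)
    results = {}
    for leaked in sorted(Path(archive_dir).glob("*.msu")):
        ref, trusted = refs.get(leaked.stem.lower(), (None, False))
        if ref is None:
            results[leaked.name] = "no reference copy"
        elif not trusted:
            results[leaked.name] = "reference fails its filename hash"
        elif file_digest(leaked) == file_digest(ref):
            results[leaked.name] = "identical"
        else:
            results[leaked.name] = "DIFFERENT"
    return results


if __name__ == "__main__":
    # Constructed stand-in files, not real update packages.
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as r:
        data = b"MSCF constructed sample"
        sha1 = hashlib.sha1(data).hexdigest()
        Path(a, "Windows6.1-KB0000001-x64.msu").write_bytes(data)
        Path(r, f"windows6.1-kb0000001-x64_{sha1}.msu").write_bytes(data)
        print(compare_msu(a, r))
```

A verdict of "identical" only says the two copies match each other; it says nothing about why the files were in the archive.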


 
