The following table contains the confirmed malware residing on the Wikileaks site. The list is by no means exhaustive; I am just starting with the analysis. But what is listed below is definitely malware; no doubts about it.
The first column contains a link to the e-mail on the Wikileaks site that contains the malicious attachment. The e-mail itself is safe to view (although the text is usually spam/scam/phish/whatever).
The second column contains the URL on the Wikileaks site where the malicious attachment to this e-mail message resides. Since this is a direct link (i.e., clicking it would result in the malware being directly downloaded to your PC), I have obfuscated the link by replacing "https" with "hxxxx" and putting square brackets around the dot in ".org", in order to make the link non-clickable. If you desire to download the malware and check for yourself that it is, indeed, malware, you can trivially deobfuscate the link - just, please, do be careful.
The third column contains links leading to a VirusTotal page, showing how the different scanners are reporting the malware. Those are safe to click.
Qudos to Hasherazade for making her tool VTScan for batch querying VirusTotal publicly available.
Wikileaks e-mail
Wikileaks URL to the malicious attachment
VirusTotal analysis
36138 hxxxx://wikileaks[.]org/akp-emails/fileid/36138/20098 F36CB35F410AB65958A6CCA846737A9C
Continued as the list is long.....
Bookmarks