{
	"id": "6ec4bb6d-6b6d-450c-97a3-6a908d876e44",
	"created_at": "2026-04-06T00:20:10.418279Z",
	"updated_at": "2026-04-10T03:20:27.088723Z",
	"deleted_at": null,
	"sha1_hash": "0848cd09dfe74c5bc195ee56fc8cc2c4881a351f",
	"title": "GitHub - infoskirmish/hive: The CIA Hive source code as released by Wikileaks",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 31114,
	"plain_text": "GitHub - infoskirmish/hive: The CIA Hive source code as released\r\nby Wikileaks\r\nBy infoskirmish\r\nArchived: 2026-04-05 13:44:24 UTC\r\nFrom WikiLeaks:\r\nToday, 9 November 2017, WikiLeaks publishes the source code and development logs to Hive, a major\r\ncomponent of the CIA infrastructure to control its malware.\r\nHive solves a critical problem for the malware operators at the CIA. Even the most sophisticated\r\nmalware implant on a target computer is useless if there is no way for it to communicate with its\r\noperators in a secure manner that does not draw attention. Using Hive even if an implant is discovered\r\non a target computer, attributing it to the CIA is difficult by just looking at the communication of the\r\nmalware with other servers on the internet. Hive provides a covert communications platform for a\r\nwhole range of CIA malware to send exfiltrated information to CIA servers and to receive new\r\ninstructions from operators at the CIA.\r\nHive can serve multiple operations using multiple implants on target computers. Each operation\r\nanonymously registers at least one cover domain (e.g. \"perfectly-boring-looking-domain.com\") for its\r\nown use. The server running the domain website is rented from commercial hosting providers as a VPS\r\n(virtual private server) and its software is customized according to CIA specifications. These servers are\r\nthe public-facing side of the CIA back-end infrastructure and act as a relay for HTTP(S) traffic over a\r\nVPN connection to a \"hidden\" CIA server called 'Blot'. source: https://wikileaks.org/vault8/\r\nSource: https://github.com/infoskirmish/hive\r\nhttps://github.com/infoskirmish/hive\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://github.com/infoskirmish/hive"
	],
	"report_names": [
		"hive"
	],
	"threat_actors": [],
	"ts_created_at": 1775434810,
	"ts_updated_at": 1775791227,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/0848cd09dfe74c5bc195ee56fc8cc2c4881a351f.pdf",
		"text": "https://archive.orkl.eu/0848cd09dfe74c5bc195ee56fc8cc2c4881a351f.txt",
		"img": "https://archive.orkl.eu/0848cd09dfe74c5bc195ee56fc8cc2c4881a351f.jpg"
	}
}