Today, May 12th 2017, WikiLeaks publishes “AfterMidnight” and “Assassin”, two CIA malware frameworks for the Microsoft Windows platform. “AfterMidnight” allows operators to dynamically load and execute malware payloads on a target machine. The main controller disguises as a self-persisting Windows Service DLL and provides secure execution of “Gremlins” via a HTTPS based Listening Post (LP) system called “Octopus”. Once installed on a target machine AM will call back to a configured LP on a configurable schedule, checking to see if there is a new plan for it to execute.

https://wikileaks.org/vault7/#AfterMidnight