Bear source codes - USCERT

Emily Crose filed this request with the United States Computer Emergency Readiness Team of the United States of America.
Tracking #

2020-HQFO-00117, 2020-NPFO-00020


Est. Completion None
No Responsive Documents


From: Emily Crose

To Whom It May Concern:

Pursuant to the Freedom of Information Act, I hereby request the following records:

Source code and binaries for all of the analyzed tools contained in the (attached) 2017 GRIZZLY STEPPE report. Tools referenced in this report include "X-AGENT/CHOPSTICK", "DOWNRAGE", "IMPLANT 4", "IMPLANT 5", "IMPLANT 6", "IMPLANT 7", "IMPLANT 8", "IMPLANT 9", "IMPLANT 10", "IMPLANT 11", and "IMPLANT 12".
For any additional referenced tools included in this report, I will file additional FOIA requests.

The requested documents will be made available to the general public, and this request is not being made for commercial purposes.

In the event that there are fees, I would be grateful if you would inform me of the total charges in advance of fulfilling my request. I would prefer the request filled electronically, by e-mail attachment if available or CD-ROM if not.

Thank you in advance for your anticipated cooperation in this matter. I look forward to receiving your response to this request within 20 business days, as the statute requires.


Emily Crose

  • AR-17-2004520Enhanced20Analysis20of20GRIZZLY20STEPPE20Activity.pdf

From: United States Computer Emergency Readiness Team

Good Afternoon, Attached is our final response to your request.  If you need to contact this office again concerning your request, please provide the DHS reference number. This will enable us to quickly retrieve the information you are seeking and reduce our response time. This office can be reached at 866-431-0486. Regards, DHS Privacy Office
Disclosure & FOIA Program
STOP 0655
Department of Homeland Security
245 Murray Drive, SW
Washington, DC 20528-0655
Telephone:  1-866-431-0486 or 202-343-1743
Fax:  202-343-4011
Visit our FOIA website

From: Emily Crose

Thank you, James. I appreciate it.

From: United States Computer Emergency Readiness Team

FOIA Case#: 2020-NPFO-00020

Ms. Crose,

This office is currently in receipt of your attached FOIA request. In order to process your request, this office needs the date parameters in which you would like for us to search.

Your request will be placed on hold for 30 days or until you provide the dates (whichever comes soonest). Should you fail to provide the dates within the 30 days, this office will close your request.

We look forward to hearing from you soon.

Please reference your FOIA case number above for a speedier reply.


Cybersecurity and Infrastructure Security Agency
U.S. Department of Homeland Security
Desk: 703-235-2211

From: Emily Crose

Please append the dates of January 1 2014 and January 1 2019 to this request.

From: United States Computer Emergency Readiness Team

November 13, 2019 Emily Crose MuckRock News DEPT MR 82124 411A Highland Ave Somerville, MA 02144-2516 RE: CISA Case Number 2020-NPFO-00020 Dear Ms. Crose: This acknowledges receipt of yourNovember 08, 2019, Freedom of Information Act (FOIA) request to U.S. Departmentof Homeland Security (DHS), Cybersecurity & Infrastructure Security Agency (CISA), for source code and binaries for all of the analyzed tools contained in the (attached) 2017 GRIZZLY STEPPE report. Tools referenced in this report include "X-AGENT/CHOPSTICK", "DOWNRAGE", "IMPLANT 4", "IMPLANT 5", "IMPLANT 6", "IMPLANT 7", "IMPLANT 8", "IMPLANT 9", "IMPLANT 10", "IMPLANT 11", and "IMPLANT 12"(Date Range for Record Search: From 1/1/2014 To 1/1/2019). Your requestwas received in this office on November 13, 2019. Due to the increasing number of FOIA requests received bythis office, we may encounter some delay in processing your request. PerSection 5.5(a) of the DHS FOIA regulations, 6 C.F.R. Part 5, CISA processes FOIA requests according to their order ofreceipt. Although CISA’s goal is to respond within 20 business days of receiptof your request, the FOIA does permit a 10- day extension of this time period.As your request seeks numerous documents that will necessitate a thorough andwide-ranging search, CISA will invoke a 10-day extension for your request, asallowed by Title 5 U.S.C. § 552(a)(6)(B). If you care to narrow the scope ofyour request, please contact our office. We will make every effort to complywith your request in a timely manner. Provisions of the FOIA allow us torecover part of the cost of complying with your request. We shall charge you for records in accordancewith the DHS FOIA regulations, as they apply to media requesters. As a media requester, you will be charged 10cents per page for duplication; the first 100 pages are free. We will construe the submission of yourrequest as an agreement to pay up to $25.00. You will be contacted before anyfurther fees are accrued. We have queried the appropriate program offices within CISA for responsive records. If any responsive records are located, they will bereviewed for determination of releasability. Please be assured that one of theprocessors in our office will respond to your request as expeditiously aspossible. We appreciate your patience as we proceed with your request. If you have any questions or wish to discussreformulation or an alternative time frame for the processing of your request,please contact FOIA office. You may sendan e-mail to NPPD.FOIA@HQ.DHS.GOV ,call free 703-235-2211 , or you may contact our FOIA Public Liaison inthe same manner. Additionally, you havea right to seek dispute resolution services from the Office of GovernmentInformation Services (OGIS) which mediates disputes between FOIA requesters andFederal agencies as a non-exclusive alternative to litigation. If you are requesting access to your ownrecords (which is considered a Privacy Act request), you should know that OGISdoes not have the authority to handle requests made under the Privacy Act of1974. You may contact OGIS asfollows: Office of GovernmentInformation Services, National Archives and Records Administration, 8601Adelphi Road-OGIS, College Park, Maryland 20740-6001, e-mail at;telephone at 202-741-5770; toll free at 1-877-684-6448; or facsimile at202-741-5769. Your request has been assigned reference number 2020-NPFO-00020. Please refer to thisidentifier in any future correspondence. Tocheck the status of an CISA FOIA request, please visit . Please note that to check the status of a request, you must enter the 2020-NPFO-00020 tracking number. Sincerely, CISA FOIA

From: United States Computer Emergency Readiness Team


Please see CISA's Final Response to your FOIA request.


Shalanda A. Campbell
Administrative Specialist, FOIA
Cybersecurity and Infrastructure Security Agency
U.S. Department of Homeland Security
Desk: 703-872-7015
Cellphone: 202-878-0116<>

"Defensor Fortis" - "Defenders of the Force"
-U.S. Air Force Security Forces