If you aren’t familiar with the Shadow Brokers group there’s a decent article here: https://www.theatlantic.com/technology/archive/2017/05/shadow-brokers/527778/

Looking through the leak there’s one interesting thing that I found. Based on the code it looks like the CIA was using these tools in North Korea. There’s lines specifically looking for Silivaccine running on an endpoint.