The Equation Group (the name comes from the group's predilection for strong encryption methods in its operations) is a highly sophisticated threat actor suspected of being tied to the United States National Security Agency (NSA ANT catalog). Kaspersky Lab describes them as one of the most sophisticated cyber-attack groups in the world and "the most advanced ... we have seen". Most of their targets have been in Iran, Russia, Pakistan, Afghanistan, India, Syria, and Mali.
With over 500 documented malware infections by the group in at least 42 countries, many believe that it is an elite hacking squad; it has also been said that the Equation Group is not really a group but rather a collection of tools used for hacking (GrayFish, TripleFantasy, Equestre, Stuxnet, Flame, Gauss, Grok, Fanny and Regin).
Even with all these sophisticated pieces of malware, the single greatest achievement of the Equation Group was its ability to infect a hard drive's firmware. The team was able to infect hard drives from manufacturers such as Western Digital, Maxtor, Samsung, IBM, Micron, Toshiba, and Seagate, compromising the vast majority of PCs in the world. The Equation Group rewrites the firmware, creating a hidden section within the drive that survives even military-grade wiping and reformatting.
While Windows is the operating system of choice, there is evidence that a large number of infected users in China are using Mac OS X, suggesting that a Mac OS X version of DoubleFantasy also exists; the same goes for the iPhone.
In August 2016, a hacking group calling itself "The Shadow Brokers" announced that it had stolen malware code from the Equation Group (RC6 encryption algorithm). They published several leaks containing hacking tools from the National Security Agency (NSA), including several zero-day exploits. ("Lost in Translation": this data dump contains almost 300 MB of hacking tools and data. It targets a range of Windows client and server operating systems such as Windows 10 and Server 2016, as well as Linux systems; applications including the SWIFT banking system; and client-side tools that target Lotus Domino, Outlook rules, etc. There is even a management framework for exploit delivery and C2, similar to Metasploit, called FuzzBunch.) Specifically, these exploits and vulnerabilities targeted enterprise firewalls, anti-virus products, and Microsoft products.
EASYPI is an IBM Lotus Notes exploit that gets detected as Stuxnet
ETERNALROMANCE is an SMB1 exploit over TCP port 445 which targets XP, 2003, Vista, 7, Windows 8, 2008, 2008 R2, and gives SYSTEM privileges (MS17-010)
EMERALDTHREAD is an SMB exploit for Windows XP and Server 2003 (MS10-061)
ENGLISHMANSDENTIST sets Outlook Exchange WebAccess rules to trigger executable code on the client's side to send an email to other users
EPICHERO is a 0-day exploit (RCE) for Avaya Call Server
ERRATICGOPHER is an SMBv1 exploit targeting Windows XP and Server 2003
ETERNALSYNERGY is an SMBv3 remote code execution flaw for Windows 8 and Server 2012 SP0 (MS17-010)
ETERNALBLUE* is an SMBv2 exploit for Windows 7 SP1 (MS17-010)
ESTEEMAUDIT is an RDP exploit and backdoor for Windows Server 2003
ODDJOB is an implant builder and C&C server that can deliver exploits for Windows 2000 and later, and is not detected by any AV vendors
EAGERLEVER is an NBT/SMB exploit for Windows NT 4.0, 2000, XP SP1 & SP2, 2003 SP1 & Base Release
PASSFREELY is a utility which "Bypasses authentication for Oracle servers"
*ETERNALBLUE: the major WannaCry ransomware attack used the ETERNALBLUE exploit against Server Message Block (SMB) to spread itself.
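The SMB exploits above all ride on TCP port 445, and WannaCry's use of ETERNALBLUE showed the network-level symptom a defender can look for: one host opening SMB connections to many internal peers in a short time. The following script, added here and not part of the original post, runs that fan-out check over a constructed flow log (all addresses, timestamps and the 60-second window are assumed sample values).

```python
# Added example (not from the original post): detect worm-like SMB fan-out, the
# pattern WannaCry produced when it spread over TCP/445 with ETERNALBLUE.
# Every flow record here is constructed for illustration; nothing is real traffic.
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

def build_sample_flows():
    """Constructed flow log, one record per line: '<ISO time> <src> <dst> <dport> <proto>'."""
    base = datetime(2017, 5, 12, 10, 0, 0)

    def rec(secs, src, dst, port):
        return f"{(base + timedelta(seconds=secs)).isoformat()} {src} {dst} {port} tcp"

    lines = [rec(2 * i, "10.0.0.5", f"10.0.0.{20 + i}", 445) for i in range(12)]   # 12 peers in 22 s
    lines += [rec(120 * i, "10.0.0.9", f"10.0.0.{40 + i}", 445) for i in range(12)]  # 12 peers over 22 min
    lines += [rec(5, "10.0.0.7", "10.0.0.10", 445), rec(9, "10.0.0.7", "10.0.0.11", 445)]  # two shares
    lines.append(rec(3, "10.0.0.8", "203.0.113.10", 443))  # HTTPS, not SMB
    return "\n".join(lines)

def parse_flows(text):
    """Parse records into (timestamp, src, dst, dport, proto) tuples, skipping blank lines."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, proto = line.split()
        flows.append((datetime.fromisoformat(ts), src, dst, int(port), proto))
    return flows

def smb_fanout(flows, window_s=60, threshold=10):
    """Return {src: peers} for sources reaching >= threshold distinct internal hosts
    on TCP/445 inside any window of window_s seconds (peers = the best window's count)."""
    by_src = defaultdict(list)
    for ts, src, dst, port, proto in flows:
        if proto == "tcp" and port == 445 and ipaddress.ip_address(dst).is_private:
            by_src[src].append((ts, dst))
    alerts = {}
    for src, events in by_src.items():
        events.sort()
        start, best = 0, 0
        for end in range(len(events)):  # sliding window over time-ordered events
            while (events[end][0] - events[start][0]).total_seconds() > window_s:
                start += 1
            best = max(best, len({dst for _, dst in events[start:end + 1]}))
        if best >= threshold:
            alerts[src] = best
    return alerts
```

Running `smb_fanout(parse_flows(build_sample_flows()))` flags only 10.0.0.5; the slow host 10.0.0.9 touches the same number of peers but never ten inside one window, which is why the window length, not just the peer count, decides the verdict.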
Equation Group Cyber Weapons Auction - Invitation
------------------------------------------------
!!! Attention government sponsors of cyber warfare and those who profit from it !!!!
How much you pay for enemies cyber weapons? Not malware you find in networks. Both sides, RAT + LP, full state sponsor tool set? We find cyber weapons made by creators of stuxnet, duqu, flame. Kaspersky calls Equation Group. We follow Equation Group traffic. We find Equation Group source range. We hack Equation Group. We find many many Equation Group cyber weapons. You see pictures. We give you some Equation Group files free, you see. This is good proof no? You enjoy!!! You break many things. You find many intrusions. You write many words. But not all, we are auction the best files.
--------------------
We auction best files to highest bidder. Auction files better than stuxnet. Auction files better than free files we already give you. The party which sends most bitcoins to address: 19BY2XCgbDe6WtTVbTyzM9eR3LYr6VitWK before bidding stops is winner, we tell how to decrypt. Very important!!! When you send bitcoin you add additional output to transaction. You add OP_Return output. In Op_Return output you put your (bidder) contact info. We suggest use bitmessage or I2P-bote email address. No other information will be disclosed by us publicly. Do not believe unsigned messages. We will contact winner with decryption instructions. Winner can do with files as they please, we not release files to public.
Russia?
Edward Snowden stated on August 16, 2016 that "circumstantial evidence and conventional wisdom indicates Russian responsibility" and that the leak "is likely a warning that someone can prove US responsibility for any attacks that originated from this malware server" summarizing that it looks like "somebody sending a message that an escalation in the attribution game could get messy fast".
The real problem
The problem is that we, the laymen, are intentionally being kept illiterate. Schools teach us how to use Microsoft Word and Office, as if there were no other options out there (FreeOffice, LibreOffice, WPS Office), but they will not even dare to teach the basics of how a computer works, let alone basic coding skills. Mostly because the teachers themselves are completely illiterate, and that comes from the corporate world. We are just here to consume and to wait until the piece of hardware we have bought is obsolete, then we buy again, without even knowing how it works, without even knowing its true potential. Yes, it is also a sad reflection of ourselves as individuals.
www.feexit.mx
rp@feexit.mx
@feexitmx