#equationgroup — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #equationgroup, aggregated by home.social.
-
This happened quite a while ago but is still worth sharing (at least, for those who want to learn about it).
I will assume the reader of this post knows about Stuxnet, but not fanny.bmp (Stuxnet is, *extremely simplified*, a malware that affected power plants. Yes.)
(Fanny.bmp is *most likely* related to Stuxnet since it's kind of the same but with *the destruction* part removed; it was mostly made (by someone or some*thing*) to probably gather intel before Stuxnet would uh.. begin its work)
I made a module (now in Rapid7's Metasploit repo) to detect fanny.bmp.
Why I share this is because many talk about Stuxnet, equationgroup, eqgrp, etc, etc, but none even mention fanny.bmp (not to the extent I would want, at least).
Basically, as a malware researcher I want as many as possible to know about this, because fanny.bmp - like Stuxnet - might not be "active today" but it still 'would work' on outdated machines. Which is reason enough to share this! :)
I have a todo list to make improvements, and to rewrite the report about fanny.bmp (a report I did in a hurry before making the actual module), so it's a bit bad, because of the fact it was written in a hurry.
If you use Kali Linux and do not have the module (despite the fact that you should), here is the link!
- https://securelist.com/a-fanny-equation-i-am-your-father-stuxnet/68787/
Have a nice day current reader! :tuturu:
#equationgroup #eqgrp #stuxnet #fannybmp #kali_linux #rapid7
-
Whether a result of clumsiness of a bored operator or deliberate subterfuge, there are clues that the supposed NSA front Equation Group operated out of Russia. The question remains: What were they doing that for?
Reprising my 2016 article "The Possibly Russian Fingerprints on the Shadow Brokers' Trick or Treat Package", https://bsdly.blogspot.com/2016/11/the-possibly-russian-fingerprints-on.html or trackerless https://nxdomain.no/~peter/possible_russian_fingerprints_on_the_shadow_brokers_trick_or_treat_package.html #cybercrime #hacking #Russian_cybercrime #EquationGroup #ShadowBrokers #NSA #RFC1918
-
Earlier this year, #CheckPoint Research published the story of “Jian” — an #exploit used by #Chinese threat actor #APT31 which was “heavily inspired by” an almost-identical exploit used by the #EquationGroup, made publicly known by the #ShadowBrokers leak.
https://research.checkpoint.com/2021/a-deep-dive-into-doublefeature-equation-groups-post-exploitation-dashboard/