#eqgrp

2024-08-03

COPY of My linkedin post!

I am finally done with Stuxnet! I will be focusing on another major project (Yeah. You read that right, what is a break without Malware Analysis? Heh.)

It's time to throw the malware NLS_933_DLL into the recycle bin (hence why I start reversing/analyzing and collecting it now)

(It's my way to say "Destroy malware") (by publishing reversings of malware, you effectively 'destroy' what the malware authors have spent time, energy and maybe even money on doing) - This has to be the best feeling. Heh!

Have a GREAT day and weekend, you guys!

MALWARE AHEAD ⚠️ :hi_cirno:

- github.com/loneicewolf/RE-nls_

- github.com/loneicewolf/nls_933

- github.com/loneicewolf/Stuxnet

- github.com/loneicewolf/stuxnet

- github.com/loneicewolf/MALWARE

#equationgroup #eqgrp #stuxnet #nls #nls933wdll #fanny #fannybmp #malware #reversing #reverse #reverseengineers #lab #computerlab #reverse_engineering

Thank you to everyone who has "been there" while I analyzed and collected Stuxnet samples, and thanks to Fyyre's and Hasherezade's tools, like DrvMon and Cryptoutils respectively. Your tools are what make my progress possible!

Additionally, thanks to all my close friends who have always been positive and just existed; without you all I wouldn't be here! ^_^ THANKS!

#malware #reverseengineering #loneicewolf #fyyre #cryptography #malwarereversing #computerlab

❤️ :uwu_cirno:

2024-03-07

I can finally share this malware sample. As some background context: I have been getting so, SO many requests ("do you have a sample of..", and each request was about a different malware, mostly 'normal, day to day' malware, which I don't collect or try to analyze, simply because it's not interesting. And those will inevitably get detected (if they are currently undetected) by AVs and stuff.)

I wanted to share this malware sample. A file related to the IRATEMONK project.

[!]
And, I have begun to make warnings of my samples more clear. I will include one here.

I warn you who reads this -That-
This is a ⚠️ MALWARE SAMPLE ⚠️
do NOT continue until you are 100% SURE about what you are getting yourself into.

:angry_cirno:

hxxps://github [dot] com/loneicewolf/nls_933w_dll

- securelist.com/equation-the-de
- schneier.com/blog/archives/201

- virustotal.com/gui/file/83d14c

- virustotal.com/gui/file/07fc80

#github
#iratemonk
#loneicewolf
#eqgrp
#equationgroup
#bootkit
#rootkit
#dll
#firmware_level_malware
#nsa

2024-02-25

EquationGroup is most likely the most fascinating thing I have ever learned about in my entire life. And all the interesting malware samples, tools, research and papers about them by others are just mindblowing. Vault8 is something interesting as well; I should pick up some reversing on this topic as well, later on! Especially eqgrp (that is, not only reversing, since it's been open for quite a while now) but the tools and links etc., to what it could be (more than just a toolkit of malware n stuff).

Fanny.bmp I know is DementiaWheel (As Stuxnet is called OlympicGames, I could be wrong here though, cuz I just woke up)

I will also re-make some of the tools just.. for fun? Could be a nice challenge. Most of it is python and others, so I thought why *not* port it to C? As I have done with my 2 reverse shells actually; it was Python3 at first, 2 jupyter notebooks!

#wikileaks #fannybmp #stuxnet
#eqgrp #equationgroup

2024-02-24

This happened quite a while ago but is still worth sharing (at least, for those who want to learn about it).

I will assume the reader of this post knows about Stuxnet, but not fanny.bmp (Stuxnet is *extremely simplified* a malware that affected power plants. Yes.)

(Fannybmp, is *most likely* related to stuxnet since it's kind of the same but *the destruction* part removed, it was mostly made (by someone or some*thing) to probably gather intel before stuxnet would uh.. begin its work)

I made a module (now in the Rapid7's Metasploit repo) to detect fanny.bmp

Why I share this is because many talk about Stuxnet, EquationGroup, eqgrp, etc., etc., but no one even mentions fanny.bmp (not to the extent I would want, at least).

Basically, as a malware researcher I want as many people as possible to know about this, because fanny.bmp - like Stuxnet - might not be "active today" but it still 'would work' on outdated machines. Which is reason enough to share this! :)

I have a todo list to make improvements, and to re-write the report about fanny.bmp (a report I did in a hurry before making the actual module), so it's a bit bad because it was written in a hurry.

If you use Kali Linux and do not have the module (despite the fact that you should), here is the link!

- github.com/rapid7/metasploit-f

- securelist.com/a-fanny-equatio

Have a nice day current reader! :tuturu:

#equationgroup #eqgrp #stuxnet #fannybmp #kali_linux #rapid7

2017-04-17

Analysis of the data leaked by The Shadow Brokers on 17 April 2017 | Digital Security Blog
digitalsecurity.fr/fr/blog/ana #shadowbrokers #eqgrp

Star Haze (starhaze)
2017-04-08

So it looks like there's not much targeting switches or windows/modern linux systems? Haven't been able to dig in much this morning

femme Ⓐ Ⓥ 🆓✅ (femme)
2017-04-08

The leak confirms that four telecoms were targeted: Mobilink in Pakistan, China Mobile, Gabon Telecom and the Telesat satellite provider. One of the things they look for once inside is "IMEIs that have more than one IMSI associated with it".

Shawn Webb (lattera)
2017-04-08
Thaolia (Thaolia)
2017-04-08

Via @x0rz - I have uploaded the files on my Github github.com/x0rz/EQGRP
