An inside look at NSA (Equation Group) TTPs from China’s lense
#EquationGroup
https://www.inversecos.com/2025/02/an-inside-look-at-nsa-equation-group.html

🇨🇳 #cybersecurity firms are still using information leaked by the #ShadowBrokers (🇷🇺 GRU) to identify alleged #EquationGroup (🇺🇸 NSA) hacking ops inside 🇨🇳.

So #inversecos looked at several cybersecurity reports on 🇺🇸 APTs.

Full Report 👇
https://www.inversecos.com/2025/02/an-inside-look-at-nsa-equation-group.html


Copy of my LinkedIn post!

I am finally done with Stuxnet! I will be focusing on another major project (yeah, you read that right; what is a break without malware analysis? Heh.)

It's time to throw the malware NLS_933_DLL into the recycle bin (hence why I started reversing/analyzing and collecting it now).

(It's my way of saying "Destroy malware".) (By publishing reversings of malware, you effectively 'destroy' what the malware authors have spent time, energy and maybe even money on.) This has to be the best feeling. Heh!

Have a great day and weekend, you guys!

MALWARE AHEAD ⚠️   

- https://github.com/loneicewolf/RE-nls_933w_dll

- https://github.com/loneicewolf/nls_933w_dll

- https://github.com/loneicewolf/Stuxnet-Source

- https://github.com/loneicewolf/stuxnet_and_its_twins

- https://github.com/loneicewolf/MALWARE-ANALYSIS-TEMPLATE

#equationgroup #eqgrp #stuxnet #nls #nls933wdll #fanny #fannybmp #malware #reversing #reverse #reverseengineers #lab #computerlab #reverse_engineering

Thank you to everyone who has "been there" while I analyzed and collected Stuxnet samples, and thanks to Fyyre's and Hasherezade's tools, like DrvMon and Cryptoutils respectively. Your tools are what make my progress possible!

Additionally, thanks to all my close friends who have always been positive and just existed; without you all I wouldn't be here! ^_^ THANKS!

#malware #reverseengineering #loneicewolf #fyyre #cryptography #malwarereversing #computerlab

❤️ 

GitHub - loneicewolf/RE-nls_933w_dll: The REsearch(no pun intended on the `RE`) about the NLS Root(or `boot`)kit.


I can finally share this malware sample. Some background context: I have been getting so, SO many requests of "do you have a sample of..." (each request was about a different malware, mostly 'normal, day-to-day' malware, which I don't collect or try to analyze, simply because it's not interesting; and those will inevitably get detected (if they are currently undetected) by AVs and such).

I wanted to share this malware sample. A file related to the IRATEMONK project.

[!]
And I have begun to make the warnings on my samples clearer. I will include one here.

I warn you who read this that
This is a ⚠️ MALWARE SAMPLE ⚠️
do NOT continue until you are 100% SURE about what you are getting yourself into.

 

hxxps://github [dot] com/loneicewolf/nls_933w_dll

- https://securelist.com/equation-the-death-star-of-malware-galaxy/68750/
- https://www.schneier.com/blog/archives/2014/01/iratemonk_nsa_e.html

- https://www.virustotal.com/gui/file/83d14ce2dcfc852791d20cd78066ba5a2b39eb503e12e33f2ef0b1a46c68de73/detection

- https://www.virustotal.com/gui/file/07fc80ecaa8f12f0d57fbf9627d5505b8f969a84fc3907c31dd68f5022edf643/detection

#github
#iratemonk
#loneicewolf
#eqgrp
#equationgroup
#bootkit
#rootkit
#dll
#firmware_level_malware
#nsa


EquationGroup is most likely the most fascinating thing I have ever learned about in my entire life. And all the interesting malware samples, tools, research and papers about them by others are just mind-blowing. Vault 8 is something interesting as well; I should pick up some reversing on this topic too, later on! Especially eqgrp (that is, not only reversing, since it's been open for quite a while now) but the tools and links etc., to what it could be (more than just a toolkit of malware and stuff).

Fanny.bmp, I know, is DementiaWheel (as Stuxnet is called OlympicGames; I could be wrong here though, 'cause I just woke up).

I will also re-make some of the tools just... for fun? Could be a nice challenge. Most of it is Python and others, so I thought, why *not* port it to C? As I have done with my 2 reverse shells, actually; they were Python3 at first, 2 Jupyter notebooks!

#wikileaks #fannybmp #stuxnet
#eqgrp #equationgroup

This happened quite a while ago but is still worth sharing (at least for those who want to learn about it).

I will assume the reader of this post knows about Stuxnet, but not fanny.bmp (Stuxnet is, *extremely simplified*, a malware that affected power plants. Yes.)

(Fanny.bmp is *most likely* related to Stuxnet since it's kind of the same but with *the destruction* part removed; it was mostly made (by someone or some*thing*) probably to gather intel before Stuxnet would, uh... begin its work.)

I made a module (now in the Rapid7's Metasploit repo) to detect fanny.bmp

Why I share this is because many talk about Stuxnet, EquationGroup, eqgrp, etc., etc., but none even mention fanny.bmp (not to the extent I would want, at least).

Basically, as a malware researcher I want as many people as possible to know about this, because fanny.bmp, like Stuxnet, might not be "active today" but it still 'would work' on outdated machines. Which is reason enough to share this! :)

I have a todo list of improvements, and a rewrite of the report about fanny.bmp (a report I did in a hurry before making the actual module), so it's a bit bad because it was written in a hurry.

If you use Kali Linux and do not have the module (despite the fact that you should), here is the link!

- https://github.com/rapid7/metasploit-framework/blob/master/modules/post/windows/gather/forensics/fanny_bmp_check.rb

- https://securelist.com/a-fanny-equation-i-am-your-father-stuxnet/68787/

Have a nice day, current reader!

#equationgroup #eqgrp #stuxnet #fannybmp #kali_linux #rapid7

China Joins the Name-and-Shame Game

In a new twist, multiple Chinese government agencies are taking the lead in loudly attributing malicious cyber activity to US cyber-spies.

Natto Thoughts

Whether a result of clumsiness of a bored operator or deliberate subterfuge, there are clues that the supposed NSA front Equation Group operated out of Russia. The question remains: What were they doing that for?

Reprising my 2016 article "The Possibly Russian Fingerprints on the Shadow Brokers' Trick or Treat Package", https://bsdly.blogspot.com/2016/11/the-possibly-russian-fingerprints-on.html or trackerless https://nxdomain.no/~peter/possible_russian_fingerprints_on_the_shadow_brokers_trick_or_treat_package.html #cybercrime #hacking #Russian_cybercrime #EquationGroup #ShadowBrokers #NSA #RFC1918


Earlier this year, #CheckPoint Research published the story of “Jian” — an #exploit used by #Chinese threat actor #APT31 which was “heavily inspired by” an almost-identical exploit used by the #EquationGroup, made publicly known by the #ShadowBrokers leak.
https://research.checkpoint.com/2021/a-deep-dive-into-doublefeature-equation-groups-post-exploitation-dashboard/
China’s APT3 Pilfers Cyberweapons from the NSA - Large portions of APT3's remote code-execution package were likely reverse-engineered from prior a... more: https://threatpost.com/chinas-apt3-pilfers-cyberweapons-nsa/148086/ #networkattackartifacts #vulnerabilities #reverseengineer #eternalromance #cyberarmsrace #equationgroup #shadowbrokers #government #zero-day #apt3 #nsa
China’s APT3 Pilfers Cyberweapons from the NSA

Large portions of APT3's remote code-execution package were likely reverse-engineered from prior attack artifacts.

Threatpost - English - Global - threatpost.com