January 10, 2017
The Shadow Brokers who previously stole and leaked a portion of the NSA hacking tools and exploits is back with a Bang!
The hacking group is now selling another package of hacking tools, “Equation Group Windows Warez,” which includes Windows exploits and antivirus bypass tools, stolen from the NSA-linked hacking unit, The Equation Group.
For those unfamiliar with the topic, The Shadow Brokers is a notorious group of black-hat hackers who, in August 2016, leaked exploits, security vulnerabilities, and “powerful espionage tools” created by The Equation Group.
On Saturday, the Shadow Brokers posted a message on their ZeroNet based website, announcing the sale of the entire “Windows Warez” collection for 750 Bitcoin (around US$678,630).
The data dump contains many windows hacking tools, categorized as following:
- Fuzzing tools (used to discover errors and security loopholes)
- Exploit Framework
- Network Implants
- Remote Administration Tools (RAT)
- Remote Code Execution Exploits for IIS, RDP, RPC, SMB Protocols (Some Zero-Days)
- SMB BackDoor (Implant)
Interestingly, the Remote Administration Tool (RAT) “DanderSpritz” included in the list is the one previously leaked in the NSA’s documents revealed by Edward Snowden.
Besides this, malware researcher Jacob Williams analyzed the archive of “screenshots and output of the find command across the dump” provided by the hacker as an evidence of legitimacy and estimated that the tools may also include a Fully Undetectable Malware (FUD) toolkit.