Most of the vulnerabilities in the published dumps were patched by Microsoft in March 2017.
Amongst the dump are several vulnerabilities that can be used to target various Windows operating systems ranging from Windows XP to Windows 2016. These dumps include vulnerabilities, tools, operative notes from (allegedly) the NSA and a framework for running exploits and building malware. On the 14th of April the group made available three more data dumps. This dump included several tools and vulnerabilities for attacking Linux and other Unix-based operating systems and applications.
On April 8th, 2017, The Shadow Brokers published the password for one of the encrypted dumps that was made public last year. The actor behind the tools and exploits has also been called “Equation Group”. At the time, the group was not able to sell the dumps at their desired price. The dump consisted of multiple tools and information about vulnerabilities for a wide range of applications and operating systems. Last year a group named “The Shadow Brokers” attempted to auction a data dump that allegedly came from the NSA.
Update: Added update to summary regarding the Petya/NotPetya/GoldenEye ransomware spreading. For more information about this, please visit our latest advisory here.
Update: Added update to summary regarding the WannaCry ransomworm that spread across the Internet on Friday May 12th by leveraging the EternalBlue exploit. Updated summary to reflect that Argus Continuous Vulnerability Monitoring (part of the Argus Managed Defence suite) customers will now receive notifications if any of their internal or external systems have “DoublePulsar” installed.
Update: Added update that the number of compromised hosts with “DoublePulsar” installed is now reported to be more than 200 000 machines.
Update: Added update to summary that as of, approximately 15 000 systems have been observed to be compromised with “DoublePulsar”.
Update: Added CVE details to exploits (where available), new exploits, updated descriptions, updated summary, added references.
Update: Confirmed observations of ransomware distribution leveraging the leaked NSA exploits.
Update: Added new tools and 0-days against Solaris, Redhat, Avaya Call Server and Samba.
Is an IIS 6.
Is an exploit for IBM Lotus Domino 6.5.4 to 7.0.2
Is an IBM Lotus Notes exploit that gets detected as Stuxnet
en_us/article/shadow-brokers-dump-alleged-windows-exploits-and-nsa-presentations-on-targeting-banks
Appears to be an MDaemon email server vulnerability
en_us/article/the-latest-shadow-brokers-dump-of-alleged-nsa-tools-is-awful-news-for-the-internet
In fact, they may be here reading this right now. The NSA knew about the theft of their tools 96 days ago, yet the vulns released today prove the NSA failed to tell Microsoft about the vulns and possible leaks, oops! Their message contained the word Kek and the password to the encrypted files was REEEEEEEEE, so I think it's obvious the Shadow Brokers are one of us. Also, it was revealed that the NSA hacked into the SWIFT network and set up backdoors to monitor financial translations. Why aren't /pol/ and /baph/ all over this shit? We could be hacking the ADL right now.
That means anyone can download the tools and own any Windows machine connected to the Internet right now. Last week was old vulnerabilities, this week they dumped EIGHT NEW ZERO-DAY VULNS IN WINDOWS. Message: Shadow Group released another dump, this time with some fucking juicy ass shit.