On 02/17/2015 04:56 PM, Alfie John wrote:

> Does anyone know of any tools to extract the Equation Group's malware from hard drive firmware?

From talking with some folks who've dumped and reverse engineered other kinds of firmware, the JTAG interface (http://www.corelis.com/education/JTAG_Tutorial.htm) seems like it'd be a good place to start. That, and digging up the datasheets on as many of the integrated circuits on the boards in question.

> Also, are there any public registries online to report and view infections?

Not offhand. I'd be curious, too.

-- 
The Doctor [412/724/301/703/415] [ZS]
PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/
Covalent bonding: Sharing is caring!