Equation Group - Cyber Weapons Auction
http://pastebin.com/NDTU5kJQ a guest Aug 13th, 2016 27,472 Never -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 From: bitmessage = BM-NBvAHfp5Y6wBykgbirVLndZtEFCYGht8 i2p-bote = o1uHOkOcMoFEa7O7dbEilzfMvWzo7bDu~td3x9gYz4b4t5OriJ7U6GUWr5GZoWxQ9f2TrIY5RzhpIMVP6hTLXZ Equation Group Cyber Weapons Auction - Invitation - ------------------------------------------------ !!! Attention government sponsors of cyber warfare and those who profit from it !!!! How much you pay for enemies cyber weapons? Not malware you find in networks. Both sides, RAT + LP, full state sponsor tool set? We find cyber weapons made by creators of stuxnet, duqu, flame. Kaspersky calls Equation Group. We follow Equation Group traffic. We find Equation Group source range. We hack Equation Group. We find many many Equation Group cyber weapons. You see pictures. We give you some Equation Group files free, you see. This is good proof no? You enjoy!!! You break many things. You find many intrusions. You write many words. But not all, we are auction the best files. Picture Urls - ------------ http://imgur.com/a/sYpyn https://theshadowbrokers.tumblr.com/ https://github.com/theshadowbrokers/EQGRP-AUCTION File Urls - ---------- magnet:?xt=urn:btih:40a5f1514514fb67943f137f7fde0a7b5e991f76&tr=http://diftracker.i2p/announce.php https://mega.nz/#!zEAU1AQL!oWJ63n-D6lCuCQ4AY0Cv_405hX8kn7MEsa1iLH5UjKU https://app.box.com/s/amgkpu1d9ttijyeyw2m4lso3egb4sola https://www.dropbox.com/s/g8kvfl4xtj2vr24/EQGRP-Auction-Files.zip https://ln.sync.com/dl/5bd1916d0#eet5ufvg-tjijei4j-vtadjk6b-imyg2qkd https://yadi.sk/d/QY6smCgTtoNz6 Free Files (Proof) - ------------------ eqgrp-free-file.tar.xz.gpg sha256sum = b5961eee7cb3eca209b92436ed7bdd74e025bf615b90c408829156d128c7a169 gpg --decrypt --output eqgrp-free-file.tar.xz eqgrp-free-file.tar.xz.gpg Password = theequationgroup Auction Files - ------------- eqgrp_auction_file.tar.xz.asc sha256sum = af1dabd8eceec79409742cc9d9a20b9651058bbb8d2ce60a0edcfa568d91dbea Password = ???? Auction Instructions - -------------------- We auction best files to highest bidder. Auction files better than stuxnet. Auction files better than free files we already give you. The party which sends most bitcoins to address: 19BY2XCgbDe6WtTVbTyzM9eR3LYr6VitWK before bidding stops is winner, we tell how to decrypt. Very important!!! When you send bitcoin you add additional output to transaction. You add OP_Return output. In Op_Return output you put your (bidder) contact info. We suggest use bitmessage or I2P-bote email address. No other information will be disclosed by us publicly. Do not believe unsigned messages. We will contact winner with decryption instructions. Winner can do with files as they please, we not release files to public. FAQ - --- Q: Why I want auction files, why send bitcoin? A: If you like free files (proof), you send bitcoin. If you want know your networks hacked, you send bitcoin. If you want hack networks as like equation group, you send bitcoin. If you want reverse, write many words, make big name for self, get many customers, you send bitcoin. If want to know what we take, you send bitcoin. Q: What is in auction files? A: Is secret. Equation Group not know what lost. We want Equation Group to bid so we keep secret. You bid against Equation Group, win and find out or bid pump price up, piss them off, everyone wins. Q: What if bid and no win, get bitcoins back? A: Sorry lose bidding war lose bitcoin and files. Lose Lose. Bid to win! But maybe not total loss. Instead to losers we give consolation prize. If our auction raises 1,000,000 (million) btc total, then we dump more Equation Group files, same quality, unencrypted, for free, to everyone. Q: When does auction end? A: Unknown. When we feel is time to end. Keep bidding until we announce winner. Q: Why I trust you? A: No trust, risk. You like reward, you take risk, maybe win, maybe not, no guarantees. There could be hack, steal, jail, dead, or war tomorrow. You worry more, protect self from other bidders, trolls, and haters. Closing Remarks - -------------------------------------------------- !!! Attention Wealthy Elites !!! We have final message for "Wealthy Elites". We know what is wealthy but what is Elites? Elites is making laws protect self and friends, lie and fuck other peoples. Elites is breaking laws, regular peoples go to jail, life ruin, family ruin, but not Elites. Elites is breaking laws, many peoples know Elites guilty, Elites call top friends at law enforcement and government agencies, offer bribes, make promise future handjobs, (but no blowjobs). Elites top friends announce, no law broken, no crime commit. Reporters (not call journalist) make living say write only nice things about Elites, convince dumb cattle, is just politics, everything is awesome, check out our ads and our prostitutes. Then Elites runs for president. Why run for president when already control country like dictatorship? What this have do with fun Cyber Weapons Auction? We want make sure Wealthy Elite recognizes the danger cyber weapons, this message, our auction, poses to their wealth and control. Let us spell out for Elites. Your wealth and control depends on electronic data. You see what "Equation Group" can do. You see what cryptolockers and stuxnet can do. You see free files we give for free. You see attacks on banks and SWIFT in news. Maybe there is Equation Group version of cryptolocker+stuxnet for banks and financial systems? If Equation Group lose control of cyber weapons, who else lose or find cyber weapons? If electronic data go bye bye where leave Wealthy Elites? Maybe with dumb cattle? "Do you feel in charge?" Wealthy Elites, you send bitcoins, you bid in auction, maybe big advantage for you? bitmessage = BM-NBvAHfp5Y6wBykgbirVLndZtEFCYGht8 i2p-bote = o1uHOkOcMoFEa7O7dbEilzfMvWzo7bDu~td3x9gYz4b4t5OriJ7U6GUWr5GZoWxQ9f2TrIY5RzhpIMVP6hTLXZ END MESSAGE -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJXrr2sAAoJEAQSTyzLXAwbVzwP/jR5sQcS8VzH2jmuRjbE6RLV P3RkY6RWyyTyCtTiyTXK4RtWQoz8CfEjnXdIaR3BIZG4u827iI2fbQMVlWu0jMn4 NYN1I/neBoDaagApRgGQqYXip3IdHsqJennOAxRqr0ZoOgJ3IVtiZK8/6vtEnXRK 03IJvKu0zOVROuP0a9OPX0jko2g3Rl2tvo1ljkU1bqLKHs6xb1VzmdoqlAOYR1Bv 4Kb/Gbr6uc5fG84sM8FzSdiyJgS3U21SqfUENyFLyyP05iCyKCybFMne1JckFre8 gI/nUhdRHJaETYorY49PTQvdBaD30aT1I7efyAAM9uxsF97Au/UEvk0hkzh0YfoR /m+htNKlaP/oclL5GhJEq2O4wWb1KJuyrHU3FZYdUWRA4SlELBb0oR64cw/8kDo+ 6WftSANdlolgQLMbng2/ORGTeXHQ033mX6Op93o2oZUuNNhHvR1PnhWPUA2vMcIs ndo6YuYV2TZR/4GVNiJYQhTcWVNZ7a10FuvWk7yyHkTKXRVHG43G5Rzzm9ZxMUcL DMAExiPnrehGYTcxrrOP28RB+Mw7Is5YwRpc/h0mwDYGijjUzXGLXPWKFLa8ksxR zdaUnAjJzhVwR4IVGmGlU687Ox0FayJz9LAhst5eiittciY0iooz8YLee8hrxD7C XqUIpr4n+QKMYs4AfWd+ =5yni -----END PGP SIGNATURE-----
On Thu, Aug 18, 2016 at 12:11:11AM -0400, grarpamp wrote:
The auction live on air: https://blockchain.info/address/19BY2XCgbDe6WtTVbTyzM9eR3LYr6VitWK So far a total of 1.723... bitcoins in 26 transactions. Someone claimed that raising a million is extremely unrealistic, since currently there are only about 16M bitcoins, a lot of them locked by early adopters (the constants might be wrong). This auction is similar to crowdfunding "fuck the NSA" experiment. Or even the cyber version of AP. (Assuming it is not scam).
On Thu, Aug 18, 2016 at 09:17:09AM +0300, Georgi Guninski wrote:
On Thu, Aug 18, 2016 at 12:11:11AM -0400, grarpamp wrote:
The auction live on air: https://blockchain.info/address/19BY2XCgbDe6WtTVbTyzM9eR3LYr6VitWK So far a total of 1.723... bitcoins in 26 transactions. Someone claimed that raising a million is extremely unrealistic, since currently there are only about 16M bitcoins, a lot of them locked by early adopters (the constants might be wrong).
This auction is similar to crowdfunding "fuck the NSA" experiment. Or even the cyber version of AP. (Assuming it is not scam).
:D Either way, fun to watch :)
On Thu, Aug 18, 2016 at 04:52:09PM +1000, Zenaan Harkness wrote:
On Thu, Aug 18, 2016 at 09:17:09AM +0300, Georgi Guninski wrote:
On Thu, Aug 18, 2016 at 12:11:11AM -0400, grarpamp wrote:
The auction live on air: https://blockchain.info/address/19BY2XCgbDe6WtTVbTyzM9eR3LYr6VitWK :D
Either way, fun to watch :)
Much better than the Olympics ;) The bitcoin addresses look somewhat weird to me. IIRC they are formed from some crypto stuff of the user and the user has _some_ control of it at least via bruteforce. I suspect the user can't chose the address directly. Here are the addresses in the last transactions, spaces added by me: 1 never 9kNNkr27UseZSHnaEHg1z8v3Mbb 1 gonna V3MFNjymS4RGvUbHACstiS8aSYz 1 give GEk184Gwep2KT4UBPTcE9oqWzCVR 1 you KBMLEohsexdZtkvnTzHnc4iU7Ffty 1 up AbpBEWQ467QNT7i4vBMVPzSfQ3sqoQ 1 never 9kNNkr27UseZSHnaEHg1z8v3Mbb 1 gonna V3MFNjymS4RGvUbHACstiS8aSYz 1 1et AyypstpXLQpTgoYmYzT8M2foBSBe1 1 you KBMLEohsexdZtkvnTzHnc4iU7Ffty 1 down AsBbRQcBfUj8rgQomqhRsNFf1jMo ...skip some... 1 nice C9Xz1rBLvwcphRUVU4GEfaVzvTwa Reading downwards, this makes sense in English in _consecutive transactions_ (except the last). If the addresses were random, the probability of this happening appears very low IMHO, what does math say? Is this known bitcoin joke/weak steganography?
On 8/18/16, Georgi Guninski <guninski@guninski.com> wrote:
The auction live on air: https://blockchain.info/address/19BY2XCgbDe6WtTVbTyzM9eR3LYr6VitWK
Much better than the Olympics ;)
Election year taking on a whole new world of meaning. Just think of what fun go down 4 years from now :)
Here are the addresses in the last transactions, spaces added by me: Reading downwards, this makes sense in English
Lol, rickrolled. If they got free coin, why can't anybody ever rickroll me some .1337 coin too... dafuckwitdatshitbro? bitcoin:1CCdLCCGuWVTu1MU4g4MtbVMCnSUZJ46Gc
On Thu, Aug 18, 2016 at 04:04:02AM -0400, grarpamp wrote:
On 8/18/16, Georgi Guninski <guninski@guninski.com> wrote:
The auction live on air: https://blockchain.info/address/19BY2XCgbDe6WtTVbTyzM9eR3LYr6VitWK
Much better than the Olympics ;)
Election year taking on a whole new world of meaning. Just think of what fun go down 4 years from now :)
Here are the addresses in the last transactions, spaces added by me: Reading downwards, this makes sense in English
Lol, rickrolled. If they got free coin, why can't anybody ever rickroll me some .1337 coin too... dafuckwitdatshitbro? bitcoin:1CCdLCCGuWVTu1MU4g4MtbVMCnSUZJ46Gc
Comedy gold! :D "Dear NSA (yes alright, you too CIA, ya little pip sqshits!) (oh, ok you too FBI, yeah and the DOD and the DIA, and the ... shit, what a mess the USA is with so many competing "intelligence" agencies), you are 0wned, 4nd some 0thers are ownded too, so y'all might like to pay, as in pay up. And no, this is not blackmail, this is just business - it's an auction see. At least, that's what we want y'all to believe now since you can't handle the truth! Sope! What we gunna do is suggest we bin paid a LOT of coin yo! Yo? Yo! And just to let our true friends no this no joke yo (did I mention "yo"?) we got some cool coin message yo! "never gonna give you up, never gonna let you down" That's code see, to our friends yo!"
On Thu, Aug 18, 2016 at 04:04:02AM -0400, grarpamp wrote:
Here are the addresses in the last transactions, spaces added by me: Reading downwards, this makes sense in English
Lol, rickrolled. If they got free coin, why can't anybody ever rickroll me some .1337 coin too... dafuckwitdatshitbro? bitcoin:1CCdLCCGuWVTu1MU4g4MtbVMCnSUZJ46Gc
WTF, someone is singing to Shadow Brokers a verse from a song, reading: "Never gonna give you up, never gonna let you down" Assuming "1et" is hexspeak for "let". Would someone please confirm this? Which bitcoin forum can answer how common such jokes are? What do you mean by "rickrolled"? There are no links except to addresses. What cyber weapons do you trade for bitcoins? ;) Seriously: IMHO you will reach much larger audience by running blog and reposting your stuff there, possibly adding more. Good luck with the bitcoins!
On Thu, Aug 18, 2016 at 04:04:02AM -0400, grarpamp wrote:
Here are the addresses in the last transactions, spaces added by me: Reading downwards, this makes sense in English
Lol, rickrolled. If they got free coin, why can't anybody ever
Is the series of 0.0010101 transactions in less than a minute similar joke?
Alright, who's the lurker from VICE http://motherboard.vice.com/read/someone-rickrolled-the-bitcoin-auction-for-... On 8/18/2016 01:53, Georgi Guninski wrote:
On Thu, Aug 18, 2016 at 04:52:09PM +1000, Zenaan Harkness wrote:
On Thu, Aug 18, 2016 at 09:17:09AM +0300, Georgi Guninski wrote:
On Thu, Aug 18, 2016 at 12:11:11AM -0400, grarpamp wrote:
http://pastebin.com/NDTU5kJQ The auction live on air: https://blockchain.info/address/19BY2XCgbDe6WtTVbTyzM9eR3LYr6VitWK :D
Either way, fun to watch :) Much better than the Olympics ;)
The bitcoin addresses look somewhat weird to me. IIRC they are formed from some crypto stuff of the user and the user has _some_ control of it at least via bruteforce. I suspect the user can't chose the address directly.
Here are the addresses in the last transactions, spaces added by me:
1 never 9kNNkr27UseZSHnaEHg1z8v3Mbb 1 gonna V3MFNjymS4RGvUbHACstiS8aSYz 1 give GEk184Gwep2KT4UBPTcE9oqWzCVR 1 you KBMLEohsexdZtkvnTzHnc4iU7Ffty 1 up AbpBEWQ467QNT7i4vBMVPzSfQ3sqoQ 1 never 9kNNkr27UseZSHnaEHg1z8v3Mbb 1 gonna V3MFNjymS4RGvUbHACstiS8aSYz 1 1et AyypstpXLQpTgoYmYzT8M2foBSBe1 1 you KBMLEohsexdZtkvnTzHnc4iU7Ffty 1 down AsBbRQcBfUj8rgQomqhRsNFf1jMo ...skip some... 1 nice C9Xz1rBLvwcphRUVU4GEfaVzvTwa
Reading downwards, this makes sense in English in _consecutive transactions_ (except the last).
If the addresses were random, the probability of this happening appears very low IMHO, what does math say?
Is this known bitcoin joke/weak steganography?
On Thu, Aug 18, 2016 at 03:53:04AM -0600, Deorge Chesterton wrote:
Alright, who's the lurker from VICE
http://motherboard.vice.com/read/someone-rickrolled-the-bitcoin-auction-for-...
How did they found this? Looks like their story is quite after the announcement in THIS thread? Plagiarism? ;) The story is at 05:20 AM EST 18 August 2016.
On 8/18/2016 01:53, Georgi Guninski wrote:
On Thu, Aug 18, 2016 at 04:52:09PM +1000, Zenaan Harkness wrote:
On Thu, Aug 18, 2016 at 09:17:09AM +0300, Georgi Guninski wrote:
On Thu, Aug 18, 2016 at 12:11:11AM -0400, grarpamp wrote:
http://pastebin.com/NDTU5kJQ The auction live on air: https://blockchain.info/address/19BY2XCgbDe6WtTVbTyzM9eR3LYr6VitWK :D
Either way, fun to watch :) Much better than the Olympics ;)
The bitcoin addresses look somewhat weird to me. IIRC they are formed from some crypto stuff of the user and the user has _some_ control of it at least via bruteforce. I suspect the user can't chose the address directly.
Here are the addresses in the last transactions, spaces added by me:
1 never 9kNNkr27UseZSHnaEHg1z8v3Mbb 1 gonna V3MFNjymS4RGvUbHACstiS8aSYz 1 give GEk184Gwep2KT4UBPTcE9oqWzCVR 1 you KBMLEohsexdZtkvnTzHnc4iU7Ffty 1 up AbpBEWQ467QNT7i4vBMVPzSfQ3sqoQ 1 never 9kNNkr27UseZSHnaEHg1z8v3Mbb 1 gonna V3MFNjymS4RGvUbHACstiS8aSYz 1 1et AyypstpXLQpTgoYmYzT8M2foBSBe1 1 you KBMLEohsexdZtkvnTzHnc4iU7Ffty 1 down AsBbRQcBfUj8rgQomqhRsNFf1jMo ...skip some... 1 nice C9Xz1rBLvwcphRUVU4GEfaVzvTwa
Reading downwards, this makes sense in English in _consecutive transactions_ (except the last).
If the addresses were random, the probability of this happening appears very low IMHO, what does math say?
Is this known bitcoin joke/weak steganography?
On Thu, Aug 18, 2016 at 03:53:04AM -0600, Deorge Chesterton wrote:
Alright, who's the lurker from VICE
http://motherboard.vice.com/read/someone-rickrolled-the-bitcoin-auction-for-...
There might be no VICE lurker here. According to my google search, this first appeared on reddit, several hours before here. According to theregister, the free file contains CISCO SNMP 0day.
On Thu, Aug 18, 2016 at 12:11:11AM -0400, grarpamp wrote:
http://pastebin.com/NDTU5kJQ a guest Aug 13th, 2016 27,472 Never
FYI the password is public now and decrypted stuff is available on github.
On Tue, Apr 11, 2017 at 04:47:58PM +0300, Georgi Guninski wrote:
On Thu, Aug 18, 2016 at 12:11:11AM -0400, grarpamp wrote:
http://pastebin.com/NDTU5kJQ a guest Aug 13th, 2016 27,472 Never
FYI
Not much on the "information" side - a github link perhaps?
the password is public now and decrypted stuff is available on github.
participants (4)
-
Deorge Chesterton -
Georgi Guninski -
grarpamp -
Zenaan Harkness