Aerosol Posted February 21, 2015 Report Posted February 21, 2015 Table of contents1. What is the Equation group?..........................................................................32. Why do you call them the “Equation” group?................................................33. What attack tools and malware does the*Equation group use? ..................44. What is DOUBLEFANTASY?.............................................................................65. What is EQUATIONDRUG? ..............................................................................86. What is GRAYFISH?.........................................................................................97. What is Fanny?............................................................................................. 128. What exploits does the Equation group*use?............................................. 149. How do victims get infected by EQUATION group malware?...................... 1510. What is the most sophisticated thing about the EQUATION group? ......... 1611. Have you observed any artifacts indicating who is behindthe*EQUATION*group?.................................................................................. 1912. How many victims are there?...................................................................... 2013. Have you seen any non-Windows malware from the Equation group?..... 2214. What C&C infrastructure do the Equation group implants use? ............... 2315. How do victims get selected for infection by the EQUATION group?......... 2316. What kind of encryption algorithms are*used by the EQUATION group?... 2717. How does the EQUATION group’s attack platformscompare with Regin?................................................................................... 3018. How did you discover this malware? .......................................................... 31Indicators of compromise (“one of each”) ......................................................... 32Read more here: http://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf Quote