Research

EQGRP implants/backdoors

• FUNNELOUT: Implant/Backdoor for vBulletin v3 and v4.
• PANTSPARTY: Backdoor in SSH daemon by ways of inserting a public key that gives a root shell when connecting with the corresponding private key.
• PORK: Implant/Backdoor for external facing services and inetd.

EQGRP exploits

• ANSWERBOOK: A RCE exploit for Sun Answerbook 2.
• BOSSLAD LIGHT: A RCE exploit for Dell/EMC/Legato NetWorker.
• CATFLAP: A RCE that gives you a remote shell by exploiting telnet on Solaris.

EQGRP tools

• CONSTANTMOVE: Unknown shell script that runs on STOICSURGEON implanted hosts.
• COTTONAXE: A shell script that monitors the content of files on Unix servers. Features include: performing full copies on change, compressing the output, nulling the original file, scheduling commands (a bit like cron), …
• HIDELITE, DITTLELITE, DITTLELIGHT: (Un)hide processes on INCISION boxes.
• PITIEDFOOL: Delete MFT from partitions and volume shadow copies.