
In one of our posts, devoted to the compromised data of the cyber group known as the Equation Group, we noted that a former employee of the NSA's TAO unit was able to confirm the authenticity of this data. Another indicator of plausibility was the presence of the EXTRABACON exploit for Cisco network devices and the directory naming scheme used in the exploit directory of the 0day archive. Now The Intercept journalists, who previously published the NSA documents leaked by Snowden,
cite a series of further compelling evidence that the Shadow Brokers archive does contain data of a cyber group directly related to the NSA and known as the Equation Group.
The evidence concerns the connection between one of the cyber group's malicious programs, called SECONDDATE, and the source code found in the Shadow Brokers archive. Below is a brief description of the functions of SECONDDATE, taken from secret, previously unpublished Snowden documents.
SECONDDATE is a tool designed to intercept web requests and redirect browsers to a malware server. That server, in turn, is designed to infect them with malware. SECONDDATE's existence as a piece of software is linked to the system called TURBINE. The malware server has been previously described in Snowden documents.
The following is a scan of a top secret document that deals with a special constant in the SECONDDATE code, a constant that also appears in one of the malware samples in the Shadow Brokers archive.
The constant is a specific string used as the MSGID identifier. The string is hard-coded in the body of the malware, as can be seen in 14 different files from the Shadow Brokers archive. One of these files is called SecondDate-3021.exe. The screenshot below shows this string in the body of the executable file.
The archive contains 47 different files related to the SECONDDATE malware, including various versions of its modules as well as instructions for using it. As noted by The Intercept, SECONDDATE is in fact just a component of a larger NSA spyware system called BADDECISION. Below are slides from a secret NSA presentation that were recently published.
The second slide shows the use of the SECONDDATE attack component, which is used to redirect traffic to the victim's system. BADDECISION was used in US cyber operations in Pakistan and Lebanon.