DOUBLEFANTASY

Description

(Kaspersky) The Equation Group’s DoubleFantasy implant is a validator-style Trojan which sends basic information about the system to the attackers. It also allows them to upload a more sophisticated Trojan platform, such as EQUATIONDRUG or GRAYFISH. In general, after one of these sophisticated platforms are installed, the attackers remove the DoubleFantasy implant. In case the victim doesn’t check out, for example, if they are a researcher analysing the malware, the attackers can simply choose to uninstall the DoubleFantasy implant and clean up the victim’s machine.

Names

Name
DOUBLEFANTASY
DoubleFantasy
VALIDATOR

Type

Reconnaissance
Downloader

Information

https://securelist.com/equation-group-from-houston-with-love/68877/
https://www.antiy.com/response/FROM_EQUATION_TO_EQUATIONS.pdf

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/elf.doublefantasy
https://malpedia.caad.fkie.fraunhofer.de/details/win.doublefantasy

Other Information

Uuid

7e44cd7d-5496-4c09-9a9f-d823f9637796

Last Card Change

2022-12-28

Threat Intelligence Garden

Explorer

DOUBLEFANTASY

DOUBLEFANTASY

Description

Names

Category

Type

Information

Malpedia

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks