Shadow Brokers Compilation Dates

ShadowBrokers EquationGroup Compilation Timestamp Observation

From the post:

I looked at the IOCs @GossiTheDog posted, looked each up in VirusTotal and dumped the compilation timestamp into a spreadsheet.

To step back a second, the Microsoft Windows compiler embeds the date and time that the given .exe or .dll was compiled. Compilation time is a very useful characteristic of a Portable Executable. Malware authors could zero it or change it to a random value, but I’m not sure there is any indication of that here. If the compilation timestamps are real, then there’s an interesting observation in this dataset.

A very clever observation! Check time stamps for patterns!

Enables an attentive reader to ask:

  1. Were the Shadow Brokers exploits stolen prior to 2013-08-22?
  2. If no to #1, where are the exploits post 2013-08-22?
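The timestamp check described in the quoted post can be done without a spreadsheet. The following is an added example, not code from the original post: it reads the COFF `TimeDateStamp` field directly from a PE header, flags zeroed or implausible values, and reports the latest credible compile time. The sample names and headers are constructed, and the 1993 plausibility floor is an assumption of this example.

```python
import struct
from datetime import datetime, timezone

UTC = timezone.utc
FLOOR = datetime(1993, 1, 1, tzinfo=UTC)  # assumption: nothing credible predates the PE format

def pe_compile_time(data: bytes):
    """Return the COFF TimeDateStamp as a UTC datetime, or None if it was zeroed."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # file offset of "PE\0\0"
    if len(data) < e_lfanew + 12 or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # COFF header after the signature: Machine(2) NumberOfSections(2) TimeDateStamp(4)
    (stamp,) = struct.unpack_from("<I", data, e_lfanew + 8)
    return datetime.fromtimestamp(stamp, tz=UTC) if stamp else None

def make_header(when) -> bytes:
    """Constructed MZ + PE header holding only the fields parsed above."""
    stamp = int(when.timestamp()) if when else 0
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\0\0" + struct.pack("<HHI", 0x14C, 1, stamp)

def summarize(samples: dict):
    """Return ((name, time) of the latest credible stamp, sorted names of flagged files)."""
    now = datetime.now(UTC)
    credible, flagged = [], []
    for name, blob in samples.items():
        ts = pe_compile_time(blob)
        if ts is None or ts < FLOOR or ts > now:  # zeroed, pre-PE, or in the future
            flagged.append(name)
        else:
            credible.append((name, ts))
    latest = max(credible, key=lambda item: item[1]) if credible else None
    return latest, sorted(flagged)

# Constructed samples: two plausible stamps, one zeroed, one set in the future.
SAMPLES = {
    "sample_a.exe": make_header(datetime(2011, 3, 4, 9, 30, tzinfo=UTC)),
    "sample_b.dll": make_header(datetime(2013, 8, 22, 12, 0, tzinfo=UTC)),
    "sample_c.exe": make_header(None),
    "sample_d.dll": make_header(datetime(2040, 1, 1, tzinfo=UTC)),
}

if __name__ == "__main__":
    latest, flagged = summarize(SAMPLES)
    print("latest credible compile time:", latest[0], latest[1].isoformat())
    print("flagged as zeroed or implausible:", flagged)
```

A timestamp that passes these checks can still be forged, so the latest value is an upper bound suggested by the data, not proof of when a file was built.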

Have dumps so far been far away lightning that precedes very close thunderclaps?

Imagine compilation timestamps in 2014, 2015, or even 2016?

Listen for Shadow Brokers to roar!
