Yours sincerely,
Will
This repository contains information and resources related to malware analysis. The content provided here is intended solely for educational and research purposes. By accessing or using any part of this repository, you agree to the following terms:
-
Educational Use Only: The materials in this repository are provided for the purpose of studying and understanding malware behavior and should not be used for any malicious or unauthorized activities.
-
No Responsibility: The author(s) of this repository do not accept any responsibility or liability for any harm, loss, or damage caused by the use or misuse of the information, code, or tools provided here. This includes, but is not limited to, any direct, indirect, incidental, or consequential damages arising out of or in connection with the use or performance of this repository.
-
Use at Your Own Risk: Any use of the information or resources in this repository is done at your own risk. It is your responsibility to ensure that you have adequate knowledge, tools, and precautions in place when working with malware.
-
Compliance with Laws: It is your responsibility to ensure that your use of the information and resources in this repository complies with all applicable laws, regulations, and policies. Unauthorized use of this repository's contents may violate local, state, national, or international laws.
-
No Warranty: The information, code, and tools in this repository are provided "as is" without any warranties of any kind, either express or implied. The author(s) make no representations or warranties regarding the accuracy, completeness, or suitability of the content provided.
-
Third-Party Links: This repository may contain links to third-party websites or resources. These links are provided for convenience only, and the author(s) do not endorse or assume any responsibility for the content, products, or services provided by third parties.
By continuing (scrolling, accessing, and/or using this repository), you acknowledge that you have read, understood, and agree to this disclaimer. If you do not agree to these terms, you should not use this repository or its contents and are advised not to continue. Please have a good day.
Please see the THANKS_TO.md file for people I consider helpful in building this repo!
NLS is a malware that targets storage device firmware, specifically HDD/SSD firmware, making it a boot/rootkit. In a nutshell, that's NLS.
This repository is a collection of NLS-related files gathered from various sources to make it more accessible for researchers and antivirus developers. The repository includes:
- Binary/Raw files
- Memory and Hardware Dumps (
JTAG/UART) - Sample Firmwares (before and after with diff)
NLS_933W.DLL is nearly impossible to find on the internet. I discovered it on one of my hard drives as part of a sample collection. This repository aims to consolidate information and resources related to this elusive malware.
- See the ONLY_MALWARE branch for the malware.
- If you see
need PK compat. v5.1 (can do v4.6), you need to installengrampaon Linux. I use Qubes for malware and Engrampa to pack infected archives.
- EQUATIONGROUP
- STUXNET
- FANNY.BMP
- BRUTALKANGAROO
- GAUSS
- FLAMER
NLS_933W.DLL (referred to as NLS) is a rootkit (or bootkit) residing in the firmware of storage devices. This grants it extreme persistence, and its mechanisms will be covered in this repository.
- TODO
- TODO
🌻 Click to Expand Tree
files will be listed here.
I would like to express my sincere gratitude to hasherezade for their invaluable contributions to the field. Specifically, their repository crypto_utils has been an immensely useful tool in my research.
Thank you for your hard work and dedication!
Yours sincerely,
Will
// Notes
If you see a lot of `$\textcolor{red}{\...`, you need to enable JavaScript. It's just red text.