Daniel Roberson - DOUBLEFANTASY

Daniel Roberson

DOUBLEFANTASY

0001-01-01

DOUBLEFANTASY is a POSIX-compliant, multiplatform malware written by the Equation Group.

https://toddcullumresearch.com/2017/04/13/equationgroup-doublefantasy-part-1/

https://malpedia.caad.fkie.fraunhofer.de/details/win.doublefantasy

https://twitter.com/Int2e_/status/1294565186939092994

https://securelist.com/equation-the-death-star-of-malware-galaxy/68750/

DEAD LINK https://fmnagisa.wordpress.com/2020/08/27/revisiting-equationgroups-fanny-worm-or-dementiawheel/

https://www.forcepoint.com/resources/podcast/replay-roided-out-sitting-duck-juan-andres-guerrero-saade

https://research.checkpoint.com/2021/a-deep-dive-into-doublefeature-equation-groups-post-exploitation-dashboard/

Links to this note

Recent Posts

Linux Persistence: Modular Software

2025-04-17 DFIR CTF persistence linux persistence apache asterisk

Linux Persistence: Web Shells

2025-04-16 DFIR persistence webshell linux persistence webshell apache nginx PHP

Linux Persistence: Rootkits

2025-04-15 DFIR persistence rootkit LKM linux persistence LKM rootkit LD_PRELOAD kprobe ftrace ld.so hooking

Linux Persistence: Processes

2025-04-11 DFIR persistence processes linux persistence processes

Defanging Linux LKM Rootkits With cleanup_module()

2025-04-05 Linux LKM rootkits EDR hooks incident response Linux LKM rootkit