@Zenexer
Last active April 15, 2017 07:24
Technical observations from the Shadow Brokers leak

What is this?

These are portions of JSON responses from Yandex while browsing the latest Shadow Brokers leak. They include information about the uploads that isn't necessarily visible or easy to access from the web interface.

Observations

  1. The leak was released shortly after a Patch Tuesday and at the start of a holiday weekend.
  2. Uploader's account name: yurishitova
    1. The account doesn't show up anywhere else; it was likely created specifically for this purpose.
    2. My guess is that the name can be broken up into two words:
      1. Yurishi, a character from Legend of the Five Rings. Notable excerpt from the first link:

        Yurishi was an enigma to all including himself, the child of the Shadow Dragon and an unknown mortal. He possessed tremendous control over other Goju while simultaneously retaining a strong sense of individuality.

        The absence of the Shadow Dragon granted Yurishi more freedom, and he decided to forge a legacy of his own. Yurishi took control of his family and pledged his loyalty and the services of his family to Daigotsu Kanpeki, who he saw as a kindred soul. Since the Shadow Dragon had been imprisoned Yurishi found increasingly easier to see through his vassals eyes. He eventually posed as a Dragon samurai, Mirumoto Shigeri, to meet his followers, such as Goju Kumoru.

      2. Tova, a name
  3. Uploader's account ID: 488888682
    1. The account IDs appear to be sequential, and they're currently in the 4893XXXXX range.
    2. To-do: determine approximate age of account
  4. Uploader's locale: en (English)
  5. (Subjective) The writing appears to have deliberately poor grammar. It frequently uses the word "do" correctly, which is quite unusual for someone who is still learning English grammar. The grammatical errors are highly consistent and don't quite correlate with what I typically expect from people learning English as a second language. The text is also quite legible, English expressions are used correctly, and there aren't any notable non-English expressions. Additionally, a variety of tenses are used, often correctly; it appears as though tenses are mismatched only where doing so wouldn't add ambiguity to the meaning of an important sentence. Critical or emotional sentences have near-perfect grammar and utilize complex vocabulary; elsewhere, only simple words are used.

JSON sources

| Model | URL from which request was made |
| --- | --- |
| feedBlockData | https://disk.yandex.com/client/feed |
| resource | https://disk.yandex.com/client/public/Bk6-O_cFRdYmYKuyo_q6dAetdy3LiU4LqoYMMWNcXNk= |
| resources | https://disk.yandex.com/client/public/Bk6-O_cFRdYmYKuyo_q6dAetdy3LiU4LqoYMMWNcXNk= |
{
"model": "feedBlockData",
"params": {
"type": "public_resource",
"short_url": "http://yadi.sk/d/NJqzpqo_3GxZA4"
},
"data": {
"resource": {
"ctime": 1492156719,
"meta": {
"uid": "488888682",
"short_url": "https://yadi.sk/d/NJqzpqo_3GxZA4",
"views_counter": 19748,
"file_id": "fc5f0d3883efc6589dd8297a1db2b9637d11d050cfbd1e2b8d2fe0f232db3ccb",
"speed_limited": 1,
"comment_ids": {
"private_resource": "488888682:fc5f0d3883efc6589dd8297a1db2b9637d11d050cfbd1e2b8d2fe0f232db3ccb",
"public_resource": "488888682:fc5f0d3883efc6589dd8297a1db2b9637d11d050cfbd1e2b8d2fe0f232db3ccb"
},
"public": 1,
"download_counter": 1344,
"size": 172236656,
"files_count": 4
},
"mtime": 1492156719,
"utime": 1492156719,
"type": "dir",
"name": "Share",
"user": {
"display_name": "yurishitova",
"uid": "488888682",
"locale": "en",
"paid": 0,
"login": "yurishitova",
"advertising_enabled": 0
},
"id": "/public/Bk6-O_cFRdYmYKuyo_q6dAetdy3LiU4LqoYMMWNcXNk=",
"hash": "Bk6+O/cFRdYmYKuyo/q6dAetdy3LiU4LqoYMMWNcXNk="
},
"user": {
"display_name": "yurishitova",
"uid": "488888682",
"locale": "en",
"paid": 0,
"login": "yurishitova",
"advertising_enabled": 0
},
"comments": {
"likes_count": 3,
"dislikes_count": 0,
"comments_count": 0,
"actions": [
"view"
]
}
}
}
{
"model": "resource",
"params": {
"id": "/public/Bk6-O_cFRdYmYKuyo_q6dAetdy3LiU4LqoYMMWNcXNk="
},
"data": {
"ctime": 1492156719,
"meta": {
"uid": "488888682",
"short_url": "https://yadi.sk/d/NJqzpqo_3GxZA4",
"views_counter": 20592,
"file_id": "fc5f0d3883efc6589dd8297a1db2b9637d11d050cfbd1e2b8d2fe0f232db3ccb",
"speed_limited": 1,
"comment_ids": {
"private_resource": "488888682:fc5f0d3883efc6589dd8297a1db2b9637d11d050cfbd1e2b8d2fe0f232db3ccb",
"public_resource": "488888682:fc5f0d3883efc6589dd8297a1db2b9637d11d050cfbd1e2b8d2fe0f232db3ccb"
},
"public": 1,
"download_counter": 1424,
"size": 172236656,
"files_count": 4
},
"mtime": 1492156719,
"utime": 1492156719,
"type": "dir",
"name": "Share",
"user": {
"display_name": "yurishitova",
"uid": "488888682",
"locale": "en",
"paid": 0,
"login": "yurishitova",
"advertising_enabled": 0
},
"id": "/public/Bk6-O_cFRdYmYKuyo_q6dAetdy3LiU4LqoYMMWNcXNk=",
"hash": "Bk6+O/cFRdYmYKuyo/q6dAetdy3LiU4LqoYMMWNcXNk="
}
}
[
{
"model": "resources",
"params": {
"idContext": "/public/Bk6-O_cFRdYmYKuyo_q6dAetdy3LiU4LqoYMMWNcXNk=",
"order": "1",
"sort": "name",
"offset": "0",
"amount": "40"
},
"data": {
"resources": [
{
"ctime": 1492156748,
"meta": {
"mimetype": "application/pgp-encrypted",
"drweb": 1,
"uid": "488888682",
"download_counter": 2954,
"mediatype": "unknown",
"file_id": "f7c421b3fb1d37bbf81f0ef6dc71605ddb145a1618980a149574bf3cf7a4ddac",
"comment_ids": {
"private_resource": "488888682:f7c421b3fb1d37bbf81f0ef6dc71605ddb145a1618980a149574bf3cf7a4ddac",
"public_resource": "488888682:f7c421b3fb1d37bbf81f0ef6dc71605ddb145a1618980a149574bf3cf7a4ddac"
},
"size": 167986
},
"mtime": 1492156748,
"path": "Bk6+O/cFRdYmYKuyo/q6dAetdy3LiU4LqoYMMWNcXNk=:/odd.tar.xz.gpg",
"utime": 1492156748,
"type": "file",
"id": "/public/Bk6-O_cFRdYmYKuyo_q6dAetdy3LiU4LqoYMMWNcXNk=:/odd.tar.xz.gpg",
"name": "odd.tar.xz.gpg",
"hash": "Bk6+O/cFRdYmYKuyo/q6dAetdy3LiU4LqoYMMWNcXNk=:/odd.tar.xz.gpg"
},
{
"ctime": 1492158673,
"meta": {
"mimetype": "text/plain",
"drweb": 1,
"uid": "488888682",
"sizes": [
{
"url": "https://downloader.disk.yandex.ru/preview/ad13dbf164f666bb519bfab1c724974ff304af5741eb42c5ad729b664c210896/inf/V06E075KWa0qY4EH7CBw0fRke4XST0FM23aX-Kzk-vBrQFTzzzHPrzcTi-IB27xF0bRgZijdEuj0iM8DsFEZEQ%3D%3D?uid=0&filename=sha256sum.txt&disposition=inline&hash=&limit=0&content_type=image%2Fjpeg&tknv=v2",
"name": "DEFAULT"
},
{
"url": "https://downloader.disk.yandex.ru/preview/ad13dbf164f666bb519bfab1c724974ff304af5741eb42c5ad729b664c210896/inf/V06E075KWa0qY4EH7CBw0fRke4XST0FM23aX-Kzk-vBrQFTzzzHPrzcTi-IB27xF0bRgZijdEuj0iM8DsFEZEQ%3D%3D?uid=0&filename=sha256sum.txt&disposition=inline&hash=&limit=0&content_type=image%2Fjpeg&tknv=v2&size=XXXS&crop=0",
"name": "XXXS"
},
{
"url": "https://downloader.disk.yandex.ru/preview/ad13dbf164f666bb519bfab1c724974ff304af5741eb42c5ad729b664c210896/inf/V06E075KWa0qY4EH7CBw0fRke4XST0FM23aX-Kzk-vBrQFTzzzHPrzcTi-IB27xF0bRgZijdEuj0iM8DsFEZEQ%3D%3D?uid=0&filename=sha256sum.txt&disposition=inline&hash=&limit=0&content_type=image%2Fjpeg&tknv=v2&size=XXS&crop=0",
"name": "XXS"
},
{
"url": "https://downloader.disk.yandex.ru/preview/ad13dbf164f666bb519bfab1c724974ff304af5741eb42c5ad729b664c210896/inf/V06E075KWa0qY4EH7CBw0fRke4XST0FM23aX-Kzk-vBrQFTzzzHPrzcTi-IB27xF0bRgZijdEuj0iM8DsFEZEQ%3D%3D?uid=0&filename=sha256sum.txt&disposition=inline&hash=&limit=0&content_type=image%2Fjpeg&tknv=v2&size=XS&crop=0",
"name": "XS"
},
{
"url": "https://downloader.disk.yandex.ru/preview/ad13dbf164f666bb519bfab1c724974ff304af5741eb42c5ad729b664c210896/inf/V06E075KWa0qY4EH7CBw0fRke4XST0FM23aX-Kzk-vBrQFTzzzHPrzcTi-IB27xF0bRgZijdEuj0iM8DsFEZEQ%3D%3D?uid=0&filename=sha256sum.txt&disposition=inline&hash=&limit=0&content_type=image%2Fjpeg&tknv=v2&size=S&crop=0",
"name": "S"
},
{
"url": "https://downloader.disk.yandex.ru/preview/ad13dbf164f666bb519bfab1c724974ff304af5741eb42c5ad729b664c210896/inf/V06E075KWa0qY4EH7CBw0fRke4XST0FM23aX-Kzk-vBrQFTzzzHPrzcTi-IB27xF0bRgZijdEuj0iM8DsFEZEQ%3D%3D?uid=0&filename=sha256sum.txt&disposition=inline&hash=&limit=0&content_type=image%2Fjpeg&tknv=v2&size=M&crop=0",
"name": "M"
},
{
"url": "https://downloader.disk.yandex.ru/preview/ad13dbf164f666bb519bfab1c724974ff304af5741eb42c5ad729b664c210896/inf/V06E075KWa0qY4EH7CBw0fRke4XST0FM23aX-Kzk-vBrQFTzzzHPrzcTi-IB27xF0bRgZijdEuj0iM8DsFEZEQ%3D%3D?uid=0&filename=sha256sum.txt&disposition=inline&hash=&limit=0&content_type=image%2Fjpeg&tknv=v2&size=L&crop=0",
"name": "L"
},
{
"url": "https://downloader.disk.yandex.ru/preview/ad13dbf164f666bb519bfab1c724974ff304af5741eb42c5ad729b664c210896/inf/V06E075KWa0qY4EH7CBw0fRke4XST0FM23aX-Kzk-vBrQFTzzzHPrzcTi-IB27xF0bRgZijdEuj0iM8DsFEZEQ%3D%3D?uid=0&filename=sha256sum.txt&disposition=inline&hash=&limit=0&content_type=image%2Fjpeg&tknv=v2&size=XL&crop=0",
"name": "XL"
},
{
"url": "https://downloader.disk.yandex.ru/preview/ad13dbf164f666bb519bfab1c724974ff304af5741eb42c5ad729b664c210896/inf/V06E075KWa0qY4EH7CBw0fRke4XST0FM23aX-Kzk-vBrQFTzzzHPrzcTi-IB27xF0bRgZijdEuj0iM8DsFEZEQ%3D%3D?uid=0&filename=sha256sum.txt&disposition=inline&hash=&limit=0&content_type=image%2Fjpeg&tknv=v2&size=XXL&crop=0",
"name": "XXL"
},
{
"url": "https://downloader.disk.yandex.ru/preview/ad13dbf164f666bb519bfab1c724974ff304af5741eb42c5ad729b664c210896/inf/V06E075KWa0qY4EH7CBw0fRke4XST0FM23aX-Kzk-vBrQFTzzzHPrzcTi-IB27xF0bRgZijdEuj0iM8DsFEZEQ%3D%3D?uid=0&filename=sha256sum.txt&disposition=inline&hash=&limit=0&content_type=image%2Fjpeg&tknv=v2&size=XXXL&crop=0",
"name": "XXXL"
}
],
"download_counter": 2361,
"mediatype": "document",
"file_id": "08ad80b770c56a501a1faeb896935c5d61036ca7ca2c48bed59942797e5d0e74",
"comment_ids": {
"private_resource": "488888682:08ad80b770c56a501a1faeb896935c5d61036ca7ca2c48bed59942797e5d0e74",
"public_resource": "488888682:08ad80b770c56a501a1faeb896935c5d61036ca7ca2c48bed59942797e5d0e74"
},
"size": 249
},
"mtime": 1492158673,
"path": "Bk6+O/cFRdYmYKuyo/q6dAetdy3LiU4LqoYMMWNcXNk=:/sha256sum.txt",
"utime": 1492158673,
"type": "file",
"id": "/public/Bk6-O_cFRdYmYKuyo_q6dAetdy3LiU4LqoYMMWNcXNk=:/sha256sum.txt",
"name": "sha256sum.txt",
"hash": "Bk6+O/cFRdYmYKuyo/q6dAetdy3LiU4LqoYMMWNcXNk=:/sha256sum.txt"
},
{
"ctime": 1492157336,
"meta": {
"mimetype": "application/pgp-encrypted",
"drweb": 1,
"comment_ids": {
"private_resource": "488888682:25317595c94fb11b7e5ae2e087cb946e07e187ec1ee45c6703c095f8c954eaa3",
"public_resource": "488888682:25317595c94fb11b7e5ae2e087cb946e07e187ec1ee45c6703c095f8c954eaa3"
},
"uid": "488888682",
"download_counter": 10772,
"mediatype": "unknown",
"file_id": "25317595c94fb11b7e5ae2e087cb946e07e187ec1ee45c6703c095f8c954eaa3",
"size": 48393712,
"blockings": {
"simple": {
"public": 1492223834
}
}
},
"mtime": 1492157336,
"path": "Bk6+O/cFRdYmYKuyo/q6dAetdy3LiU4LqoYMMWNcXNk=:/swift.tar.xz.gpg",
"utime": 1492157336,
"type": "file",
"id": "/public/Bk6-O_cFRdYmYKuyo_q6dAetdy3LiU4LqoYMMWNcXNk=:/swift.tar.xz.gpg",
"name": "swift.tar.xz.gpg",
"hash": "Bk6+O/cFRdYmYKuyo/q6dAetdy3LiU4LqoYMMWNcXNk=:/swift.tar.xz.gpg"
},
{
"ctime": 1492158657,
"meta": {
"mimetype": "application/pgp-encrypted",
"drweb": 1,
"comment_ids": {
"private_resource": "488888682:a30d2966c55e843a71aff02bc69ae3f95a4f1d53718682c44df28866277bfa1c",
"public_resource": "488888682:a30d2966c55e843a71aff02bc69ae3f95a4f1d53718682c44df28866277bfa1c"
},
"uid": "488888682",
"download_counter": 19297,
"mediatype": "unknown",
"file_id": "a30d2966c55e843a71aff02bc69ae3f95a4f1d53718682c44df28866277bfa1c",
"size": 123674709,
"blockings": {
"simple": {
"public": 1492223738
}
}
},
"mtime": 1492158657,
"path": "Bk6+O/cFRdYmYKuyo/q6dAetdy3LiU4LqoYMMWNcXNk=:/windows.tar.xz.gpg",
"utime": 1492158657,
"type": "file",
"id": "/public/Bk6-O_cFRdYmYKuyo_q6dAetdy3LiU4LqoYMMWNcXNk=:/windows.tar.xz.gpg",
"name": "windows.tar.xz.gpg",
"hash": "Bk6+O/cFRdYmYKuyo/q6dAetdy3LiU4LqoYMMWNcXNk=:/windows.tar.xz.gpg"
}
]
}
}
]
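
The timestamps, sizes and folder token in the JSON responses above can be cross-checked mechanically. The following is an added example, not part of the original gist: `ENTRIES` is a trimmed copy of fields from those responses, and `blockings.simple.public` is assumed to be epoch seconds like `ctime` (the responses do not say what the field denotes).

```python
import base64
from datetime import datetime, timezone

# Values copied from the JSON responses above (folder "Share" plus its four files).
FOLDER_ID = "Bk6-O_cFRdYmYKuyo_q6dAetdy3LiU4LqoYMMWNcXNk="    # "id", after /public/
FOLDER_HASH = "Bk6+O/cFRdYmYKuyo/q6dAetdy3LiU4LqoYMMWNcXNk="  # "hash"
ENTRIES = [
    {"name": "Share", "type": "dir", "ctime": 1492156719, "size": 172236656},
    {"name": "odd.tar.xz.gpg", "type": "file", "ctime": 1492156748, "size": 167986},
    {"name": "sha256sum.txt", "type": "file", "ctime": 1492158673, "size": 249},
    {"name": "swift.tar.xz.gpg", "type": "file", "ctime": 1492157336,
     "size": 48393712, "blocked": 1492223834},   # meta.blockings.simple.public
    {"name": "windows.tar.xz.gpg", "type": "file", "ctime": 1492158657,
     "size": 123674709, "blocked": 1492223738},  # meta.blockings.simple.public
]

def utc(epoch):
    """Render epoch seconds as an ISO 8601 UTC string."""
    return datetime.fromtimestamp(epoch, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")

def timeline(entries):
    """Return (utc_time, seconds_since_first_event, event) tuples in time order."""
    events = [(e["ctime"], "created " + e["name"]) for e in entries]
    # Assumption: the blockings value is an epoch timestamp, like ctime.
    events += [(e["blocked"], "blockings.simple.public on " + e["name"])
               for e in entries if "blocked" in e]
    events.sort()
    start = events[0][0]
    return [(utc(t), t - start, what) for t, what in events]

def folder_token(url_safe, standard):
    """Decode the folder token; 'id' is URL-safe base64, 'hash' is standard base64."""
    a = base64.urlsafe_b64decode(url_safe)
    b = base64.b64decode(standard)
    if a != b:
        raise ValueError("id and hash do not refer to the same token")
    return a

def size_gap(entries):
    """Folder size minus the sum of listed file sizes; 0 means nothing is unlisted."""
    folder = next(e for e in entries if e["type"] == "dir")
    return folder["size"] - sum(e["size"] for e in entries if e["type"] == "file")

if __name__ == "__main__":
    for when, offset, what in timeline(ENTRIES):
        print(f"{when}  +{offset:>6}s  {what}")
    print("token bytes:", len(folder_token(FOLDER_ID, FOLDER_HASH)))
    print("unaccounted bytes:", size_gap(ENTRIES))
```
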