Check out the results from our first round of ATT&CK Evaluations at!


Equation is a sophisticated threat group that employs multiple remote access tools. The group is known to use zero-day exploits and has developed the capability to overwrite the firmware of hard disk drives. [1]

ID: G0020
Aliases: Equation
Version: 1.0

Alias Descriptions


Techniques Used

EnterpriseT1109Component FirmwareEquation is known to have the capability to overwrite the firmware on hard drives from some manufacturers.[1]
EnterpriseT1120Peripheral Device DiscoveryEquation has used tools with the functionality to search for specific information about the attached hard drive that could be used to identify and overwrite the firmware.[1]