The Shadow Brokers hacker group is back, releasing message 5 - trick or treat. This time, instead of releasing Equation Group exploit tools, the group dumped a list of servers allegedly compromised by the NSA-linked Equation Group.

As usual, the Shadow Brokers included a slaughtered-English rambling message that primarily focused on the upcoming elections. One portion reads:

“TheShadowBrokers is having suggestion. On November 8th, instead of not voting, maybe be stopping the vote all together? Maybe being grinch who stopped election from coming? Maybe hacking election is being the best idea? #hackelection2016.”

After reminding readers of Iran elections and Stuxnet, the group suggested, “Maybe is not Russia hacking election, maybe is being payback from Iran?”

This Shadow Brokers’ dump was signed by the same key as the first dump of NSA exploits. The leaked list indicates the Equation Group targets friends like the U.K. and so-called enemies like China to serve as staging platforms to launch attacks.

Security researcher Mustafa Al-Bassam, formerly a core member of LulzSec, said the servers were likely compromised between 2000 and 2010.

Al-Bassam added, “So even the NSA hacks machines from compromised servers in China and Russia. This is why attribution is hard.”

Al-Bassam wished GCHQ a Happy Halloween before pointing out:

Security researcher Kevin Beaumont explained that the NSA doesn’t hack the governments of other countries from NSA.gov; “you upload tools to third-party staging platforms.” Beaumont also tweeted that the list of compromised “servers is nine years old,” so most servers “likely no longer exist” or have been “reinstalled.”

The dump

Most of the servers were running Solaris, although some were running FreeBSD or Linux.
The compromised servers were reportedly targets of INTONATION and PITCHIMPAIR; the leak also included a list of previously undisclosed Equation Group tools: Dewdrop, Incision, Jackladder, Orangutan, Patchicillin, Reticulum, Sidetrack and Stoicsurgeon.

Matt Swann organized the newest Shadow Brokers dump in an Excel spreadsheet with 109 lines, showing the domains, IP addresses, targeted OS, timestamp and previously undisclosed NSA-linked implants.

The Equation Group APT-affected UNIX host list on Pastebin shows 594 total lines; the first 291 are IP addresses, followed by 302 domain names.

Elsewhere, Hacker House analyzed the leak and then reported, “In total, 352 IP addresses are provided alongside 306 domain names which these tools may have been run on. These addresses include timestamps that begin on 22nd August 2000 at 13:50:45 and finish 18th August 2010 at 11:43:46.” A quick “Shodan scan of these hosts indicates that some of the hosts are still active and running the identified software.” Anyone on the list should make sure they are not still serving as a platform for Equation Group cyber attacks.

Countries targeted as staging platforms for attacks

The hosts include 32 .edu domains and nine .gov associated domains. The geographic distribution of attacked hosts appears to be global, impacting 49 countries. However, the top 10 impacted countries are China, Japan, Korea, Spain, Germany, India, Taiwan, Mexico, Italy and Russia.
The top three, China, Japan and Korea, make up a substantial number of attacked hosts.

Furthermore, Hacker House created a graph of countries affected by the Equation Group APT Solaris attack.

Those countries, after switching their country codes to country names, include: China, Japan, South Korea, Spain, Germany, India, Taiwan, Mexico, Italy, Russian Federation, U.K., Pakistan, Sweden, Bangladesh, Macau, Saudi Arabia, Poland, Thailand, U.S., Finland, Iran, Netherlands, Argentina, Belgium, Brazil, Chile, Algeria, Egypt, Greece, Turkey, Venezuela, United Arab Emirates, Austria, Bolivia, Botswana, Cyprus, Gabon, Bosnia and Herzegovina, Hungary, Jordan, Kenya, Sri Lanka, Namibia, Nicaragua, Norway, Philippines, Romania and the European Union.

Shadow Brokers still wants money

If the leak is to be believed, then the Shadow Brokers’ auction of Equation Group toolkits would likely have included a Solaris exploit. Shadow Brokers still wants money, closing message 5 with: “How bad do you want it to get? When you are ready to make the bleeding stop, payus, so we can move onto the next game. The game where you try to catch us cashing out! Swag us out!”

Early in October, The New York Times reported that NSA contractor Harold Martin III was arrested for allegedly stealing “many terabytes” of classified code; the FBI found “thousands of pages of documents and dozens of computers or other electronic devices at his home and in his car, a large amount of it classified.” The Times suggested that Martin, a Booz Allen Hamilton employee, may have been linked to Shadow Brokers, but not everyone believes that to be true.