Shadow Brokers are at it again, offering apparent Windows exploits and toolkits. The timing of this does not seem coincidental. Most interesting perhaps is the fact that the exploits contain a possible SMB zero day exploit. Some capabilities like “GetAdmin” and “PasswordDump” seem rather obviously needed capabilities. However, the listed plugin “EventLogEdit” is significant for digital forensics and incident response (DFIR) professionals investigating APT cases. No tools are offered for proof of the dump this time, only screenshots and descriptions of the tools.”]
Source: http://malwarejake.blogspot.com/2017/01/implications-of-newest-shadow-brokers.html