SYMBOLCOMMON_NAMEaka. SYNONYMS
win.peddlecheap (Back to overview)

PeddleCheap

Actor(s): Equation Group

PeddleCheap is a module of the DanderSpritz framework which surface with the "Lost in Translation" release of TheShadowBrokers leaks. In May 2020, ESET mentioned that they found mysterious samples of PeddleCheap packed with a custom packer so far exclusively attributed to Winnti.

References
2021-12-27Checkpoint Research
@online{research:20211227:deep:c94d67d, author = {Checkpoint Research}, title = {{A Deep Dive into DoubleFeature, Equation Group’s Post-Exploitation Dashboard}}, date = {2021-12-27}, url = {https://research.checkpoint.com/2021/a-deep-dive-into-doublefeature-equation-groups-post-exploitation-dashboard/}, language = {English}, urldate = {2022-01-05} } A Deep Dive into DoubleFeature, Equation Group’s Post-Exploitation Dashboard
Equationgroup (Sorting) Fanny MISTYVEAL PeddleCheap
2020-05-07Twitter (@ESETresearch)ESET Research
@online{research:20200507:peddlecheap:8a701e3, author = {ESET Research}, title = {{Tweet on PeddleCheap packed with Winnti packer}}, date = {2020-05-07}, organization = {Twitter (@ESETresearch)}, url = {https://twitter.com/ESETresearch/status/1258353960781598721}, language = {English}, urldate = {2020-05-07} } Tweet on PeddleCheap packed with Winnti packer
PeddleCheap
2018-02-06ForcepointJohn Bergbom
@online{bergbom:20180206:danderspritzpeddlecheap:b09bc8f, author = {John Bergbom}, title = {{DanderSpritz/PeddleCheap traffic analysis (Part 1 of 2)}}, date = {2018-02-06}, organization = {Forcepoint}, url = {https://www.forcepoint.com/fr/blog/security-labs/new-whitepaper-danderspritzpeddlecheap-traffic-analysis-part-1-2#}, language = {English}, urldate = {2020-05-07} } DanderSpritz/PeddleCheap traffic analysis (Part 1 of 2)
PeddleCheap
2017-11-13Obscurity LabsObscurity Labs
@online{labs:20171113:match:b967fde, author = {Obscurity Labs}, title = {{Match Made In The Shadows: Part [3]}}, date = {2017-11-13}, organization = {Obscurity Labs}, url = {https://obscuritylabs.com/blog/2017/11/13/match-made-in-the-shadows-part-3/}, language = {English}, urldate = {2020-05-07} } Match Made In The Shadows: Part [3]
PeddleCheap

There is no Yara-Signature yet.