Symbol: win.peddlecheap

PeddleCheap

Actor(s): Equation Group


PeddleCheap is a module of the DanderSpritz framework which surfaced with the "Lost in Translation" release of the TheShadowBrokers leaks. In May 2020, ESET mentioned that they had found mysterious samples of PeddleCheap packed with a custom packer that has so far been attributed exclusively to Winnti.

References
2021-12-27, Checkpoint Research
A Deep Dive into DoubleFeature, Equation Group’s Post-Exploitation Dashboard
Families: Equationgroup (Sorting), Fanny, MISTYVEAL, PeddleCheap

2020-05-07, Twitter (@ESETresearch), ESET Research
Tweet on PeddleCheap packed with Winnti packer
Families: PeddleCheap

2018-02-06, Forcepoint, John Bergbom
DanderSpritz/PeddleCheap traffic analysis (Part 1 of 2)
Families: PeddleCheap

2017-11-13, Obscurity Labs, Obscurity Labs
Match Made In The Shadows: Part [3]
Families: PeddleCheap

There is no Yara-Signature yet.