PeddleCheap (Malware Family)

PeddleCheap

PeddleCheap is a module of the DanderSpritz framework which surface with the "Lost in Translation" release of TheShadowBrokers leaks. In May 2020, ESET mentioned that they found mysterious samples of PeddleCheap packed with a custom packer so far exclusively attributed to Winnti.

References

2021-12-27 ⋅ Checkpoint Research
A Deep Dive into DoubleFeature, Equation Group’s Post-Exploitation Dashboard
Equationgroup (Sorting) Fanny MISTYVEAL PeddleCheap

2020-05-07 ⋅ Twitter (@ESETresearch) ⋅ ESET Research
Tweet on PeddleCheap packed with Winnti packer
PeddleCheap

2018-02-06 ⋅ Forcepoint ⋅ John Bergbom
DanderSpritz/PeddleCheap traffic analysis (Part 1 of 2)
PeddleCheap

2017-11-13 ⋅ Obscurity Labs ⋅ Obscurity Labs
Match Made In The Shadows: Part [3]
PeddleCheap

There is no Yara-Signature yet.

PeddleCheap Propose Change

References

PeddleCheap