Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-06 00:35:00 UTC
Home > List all groups > List all tools > List all groups using tool DanderSpritz
 Tool: DanderSpritz
Names DanderSpritz
Category Malware
Type Control panel
Description
(Check Point) DanderSpritz is a full-featured post-exploitation framework used by the
Equation Group. This framework was usually leveraged after exploiting a machine and
deploying the PeddleCheap “implant”. DanderSpritz is very modular and contains a wide
variety of tools for persistence, reconnaissance, lateral movement, bypassing Antivirus
engines, and other such shady activities. It was leaked by The Shadow Brokers on April 14th,
2017 as part of the “Lost in Translation” leak.
Information
Last change to this tool card: 25 January 2022
Download this tool card in JSON format
All groups using tool DanderSpritz
Changed Name Country Observed
APT groups
 Equation Group 2001-Aug 2016
1 group listed (1 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=192d3385-0b66-4858-b94a-46a27d18b8cd
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=192d3385-0b66-4858-b94a-46a27d18b8cd
Page 1 of 1