DanderSpritz Docs

Documentation about the Equation Group's DanderSpritz post-exploitation framework



DanderSpritz Persistence Methods

This content is still under construction

DanderSpritz has several built-in tools for establishing persistence for tools (such as keyloggers) and implants (such as PeddleCheap). On this page, we will cover the types of persistence capabilities that exist within the tool and how to leverage them.

Implant Persistence

Using the pc_prep command, the operator can begin persistently installing a configured PeddleCheap payload on the target machine. The PeddleCheap installer will prompt the operator for several pieces of information, including:

  • Should PeddleCheap listen or call back?
  • Should PeddleCheap only listen or call back at specific times?
  • Should PeddleCheap use the standard listening or callback ports?
  • Which private / public keypair should be used for C&C communication?
  • Should PeddleCheap enable its “quick deletion” functionality?

PeddleCheap persistence methods





KillSuit Persistence Methods


SolarTime (SOTI)

JustVisiting (JUVI)

DanderSpritz_docs is maintained by francisck.
