Experts Detail Logging Tool of DanderSpritz Framework Used by Equation Group Hackers – The Hacker News
Cybersecurity researchers have offered a detailed glimpse into a system called DoubleFeature that's dedicated to logging the different stages of post-exploitation stemming from the deployment of DanderSpritz, a full-featured malware framework used by the Equation Group.
DanderSpritz came to light on April 14, 2017, when a hacking group known as the Shadow Brokers leaked the exploit tool, among others, under a dispatch titled "Lost in Translation." Also included in the leaks was EternalBlue, a cyberattack exploit developed by the U.S. National Security Agency (NSA) that enabled threat actors to carry out the NotPetya ransomware attack on unpatched Windows computers.
The tool is a modular, stealthy, and fully functional framework that relies on dozens of plugins for post-exploitation activities on Windows and Linux hosts. DoubleFeature is one of them, functioning as a "diagnostic tool for victim machines carrying DanderSpritz," researchers from Check Point said in a new report published Monday.
"DoubleFeature could be used as a sort of Rosetta Stone for better understanding DanderSpritz modules, and systems compromised by them," the Israeli cybersecurity firm added. "It's an incident response team's pipe dream."
Designed to maintain a log of the types of tools that could be deployed on a target machine, DoubleFeature is a Python-based dashboard that also doubles as a reporting utility to exfiltrate the logging information from the infected machine to an attacker-controlled server. The output is interpreted using a specialized executable named "DoubleFeatureReader.exe."
Some of the plugins monitored by DoubleFeature include remote access tools called UnitedRake (aka EquationDrug) and PeddleCheap, a stealthy data exfiltration backdoor dubbed StraitBizarre, an espionage platform called KillSuit (aka GrayFish), a persistence toolset named DiveBar, a covert network access driver called FlewAvenue, and a validator implant named MistyVeal that verifies if the compromised system is indeed an authentic victim machine and not a research environment.
"Sometimes, the world of high-tier APT tools and the world of ordinary malware can seem like two parallel universes," the researchers said. "Nation-state actors tend to [maintain] clandestine, gigantic codebases, sporting a huge gamut of features that have been cultivated over decades due to practical need. It turns out we too are still slowly chewing on the 4-year-old leak that revealed DanderSpritz to us, and gaining new insights."