DOPPEL SPIDERDOPPEL SPIDER

Also known as: GOLD HERON · DOPPEL SPIDER

Known aliases
2

Profile

In June 2019, CrowdStrike Intelligence observed a source code fork of BitPaymer and began tracking the new ransomware strain as DoppelPaymer. Further technical analysis revealed an increasing divergence between two versions of Dridex, with the new version dubbed DoppelDridex. Based on this evidence, CrowdStrike Intelligence assessed with high confidence that a new group split off from INDRIK SPIDER to form the adversary DOPPEL SPIDER. Following DOPPEL SPIDER’s inception, CrowdStrike Intelligence observed multiple BGH incidents attributed to the group, with the largest known ransomware demand being 250 BTC. Other demands were not nearly as high, suggesting that the group conducts network reconnaissance to determine the value of the victim organization.

Aliases· 2

GOLD HERONDOPPEL SPIDER

References

  1. https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf
  2. http://www.secureworks.com/research/threat-profiles/gold-heron

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Software
DoppelPaymer
Actor
INDRIK SPIDER
Actor
GOLD DUPONT
Actor
BOSS SPIDER
Actor
GRIM SPIDER
Software
BitPaymer
Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.