Doppelpaymer

Malware Profile Updated 25 days ago
DoppelPaymer is a form of malware, specifically ransomware, known for its high-profile attacks on large organizations and municipalities. Originally based on the BitPaymer ransomware, DoppelPaymer was reworked and renamed by the threat group GOLD HERON, after initially being operated by GOLD DRAKE. It has been used in various campaigns alongside other malware such as Dridex. Notable targets include commercial entities such as ASUS and the energy company ConocoPhillips, as well as municipalities such as Augusta, Georgia. Ransom demands associated with DoppelPaymer often exceed $1 million, reflecting its focus on high-value targets. In March 2020, DoppelPaymer targeted several prominent companies including SpaceX, Tesla, and a Boeing parts manufacturer, further cementing its reputation as a significant cybersecurity threat.

Despite these successful intrusions, DoppelPaymer's activities did not go unnoticed by law enforcement. In the early months of 2023, operations against major ransomware threats, including DoppelPaymer, caused significant disruption to their operations. These efforts culminated in a Europol operation targeting core members of the DoppelPaymer ransomware gang, which led to the arrest of two individuals in Germany and Ukraine believed to be integral to the group's activities. The arrests marked a significant victory in the ongoing battle against global cybercrime, demonstrating the effectiveness of international cooperation against such threats. As of September 2021, DoppelPaymer remained an active ransomware threat, highlighting the need for continued vigilance in cybersecurity practices.
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you may also want to look at.
ID, Votes, Profile Description
BitPaymer (3 votes): BitPaymer is a type of malware that operates as ransomware, encrypting files and demanding payment for their release. It was operated by the GOLD DRAKE threat group and was later reworked and renamed DoppelPaymer by the GOLD HERON threat group. As part of the Ransomware as a Service (RaaS) model tha
Grief (2 votes): Grief is a malicious software, or malware, known for its destructive capabilities to exploit and damage computer systems. It infiltrates unsuspecting users' devices through suspicious downloads, emails, or websites, often without their knowledge. Once inside a system, Grief can steal personal inform
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Police
Europol
Malware
Cybercrime
Associated Malware
ID, Type, Votes, Profile Description
Dridex (Unspecified, 3 votes): Dridex is a well-known malware, specifically a banking Trojan, that has been utilized by cybercriminals to exploit and damage computer systems. The malware infiltrates systems through dubious downloads, emails, or websites, often unbeknownst to the user, and can steal personal information, disrupt o
Qbot (Unspecified, 2 votes): Qbot, also known as Qakbot or Pinkslipbot, is a sophisticated malware that initially emerged in 2007 as a banking trojan. It has since evolved into an advanced strain used by various cybercriminal groups to infiltrate networks and prepare them for ransomware attacks. The first known use of an ITG23
Emotet (Unspecified, 2 votes): Emotet is a notorious malware that has been active for over a decade, known for its ability to infiltrate and manipulate email accounts. It tricks individuals into downloading infected files or clicking on malicious links, thus spreading its influence. It was a major player in the malware delivery b
Associated Threat Actors
ID, Type, Votes, Profile Description
No associations to display
Associated Vulnerabilities
ID, Type, Votes, Profile Description
No associations to display
Source Document References
Information about the DoppelPaymer malware was read from the document corpus below. This display is limited to 20 results.
Source (Created At): Title
Securityaffairs (a year ago): European police dismantled the DoppelPaymer ransomware gang
Malwarebytes (a year ago): DoppelPaymer ransomware group disrupted
CERT-EU (a year ago): European raid targeted notorious ransomware gang DoppelPaymer
Naked Security (a year ago): S3 Ep125: When security hardware has security holes [Audio + Text]
CERT-EU (a year ago): The Week in Ransomware - March 10th 2023 - Police Take Action
Malwarebytes (8 months ago): DoppelPaymer ransomware group suspects identified
MITRE (a year ago): Stopping Serial Killer: Catching the Next Strike - Check Point Research
CERT-EU (a year ago): 8 of the Biggest Ransomware Attacks in Recent History: A Look Back
CERT-EU (5 months ago): The law enforcement operations targeting cybercrime in 2023
Secureworks (a year ago): Ransomware Evolution
InfoSecurity-magazine (a year ago): DoppelPaymer Ransomware Gang Members Busted in Germany, Ukraine
CERT-EU (8 months ago): Cyber Security Week in Review: September 29, 2023
CERT-EU (a year ago): North Korean hackers used polished LinkedIn profiles to target security researchers
CERT-EU (a year ago): FBI and international cops catch a NetWire RAT
MITRE (a year ago): WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group
CERT-EU (8 months ago): DoppelPaymer ransomware group suspects identified - Cyber Security Review
CERT-EU (10 months ago): Over 640 Citrix servers backdoored with web shells in ongoing attacks
CERT-EU (5 months ago): AlphV/BlackCat allegedly calls for ransomware gang ‘cartel’ to stand up to police | IT World Canada News
CERT-EU (7 months ago): Boeing Confirms Cyberattack Amid Lockbit Ransomware Gang Claims
CERT-EU (10 months ago): Russia-linked cybercriminals target school for children with learning difficulties