Who is DOPPEL SPIDER?

DOPPEL SPIDER is a threat actor, also known as GOLD HERON. This group is tracked in the Strobes VI threat intelligence database.

What vulnerabilities does DOPPEL SPIDER exploit?

Specific CVE exploitation data for DOPPEL SPIDER is being tracked. Check the Strobes VI threat actor profile for updates.

DOPPEL SPIDER

Also known as: GOLD HERON

Exploited CVEs

Overview

In June 2019, CrowdStrike Intelligence observed a source code fork of BitPaymer and began tracking the new ransomware strain as DoppelPaymer. Further technical analysis revealed an increasing divergence between two versions of Dridex, with the new version dubbed DoppelDridex. Based on this evidence, CrowdStrike Intelligence assessed with high confidence that a new group split off from INDRIK SPIDER to form the adversary DOPPEL SPIDER. Following DOPPEL SPIDER’s inception, CrowdStrike Intelligence observed multiple BGH incidents attributed to the group, with the largest known ransomware demand being 250 BTC. Other demands were not nearly as high, suggesting that the group conducts network reconnaissance to determine the value of the victim organization.

Exploited Vulnerabilities

No exploited CVEs have been attributed to this threat actor yet.

Browse CVE Database