THE EVOLUTION OF DOPPEL SPIDER FROM BITPAYMER TO GRIEF RANSOMWARE
Common Information
| Type | Value |
|---|---|
| UUID | 44c4dbd1-620d-4ea4-8be4-6ef79b35f6ce |
| Fingerprint | 5eed950474d1ab5dc8d54bbb9e5317478306da801aa450db7d4a21f819661c1c |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Jan. 6, 2022, 10:12 a.m. |
| Added to db | March 11, 2024, 7:06 p.m. |
| Last updated | Aug. 31, 2024, 5:39 a.m. |
| Headline | THE EVOLUTION OF DOPPEL SPIDER FROM BITPAYMER TO GRIEF RANSOMWARE |
| Title | THE EVOLUTION OF DOPPEL SPIDER FROM BITPAYMER TO GRIEF RANSOMWARE |
| Detected Hints/Tags/Attributes | 190/3/23 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://cdn.armor.com/app/uploads/2022/01/2022-Q1-ThreatIntel-Final.pdf |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | armor.com |
|
| Details | Domain | 2 | www.doppleshare.top |
|
| Details | Domain | 3 | atakai-technologies.host |
|
| Details | Domain | 3 | akamai-technologies.site |
|
| Details | Domain | 3 | akamai-technologies.space |
|
| Details | Domain | 26 | mediafire.com |
|
| Details | Domain | 97 | virustotal.com |
|
| Details | File | 6 | c:\aaa_touchmenot_.txt |
|
| Details | File | 2 | k166sm.exe |
|
| Details | File | 10 | md.exe |
|
| Details | File | 34 | eventvwr.exe |
|
| Details | File | 345 | vssadmin.exe |
|
| Details | File | 23 | diskshadow.exe |
|
| Details | File | 21 | takeown.exe |
|
| Details | File | 37 | icacls.exe |
|
| Details | sha256 | 2 | d693c33dd550529f3634e3c7e53d82df70c9d4fbd0c339dbc1849ada9e539ea2 |
|
| Details | IPv4 | 2 | 185.238.0.233 |
|
| Details | MITRE ATT&CK Techniques | 276 | T1490 |
|
| Details | MITRE ATT&CK Techniques | 180 | T1543.003 |
|
| Details | MITRE ATT&CK Techniques | 13 | T1564.004 |
|
| Details | Url | 1 | http://mediafire.com |
|
| Details | Url | 1 | https://virustotal.com/file |
|
| Details | Windows Registry Key | 3 | HKCR\mscfile\shell\open\command |