CrowdStrike Discovers New DoppelPaymer Ransomware & Dridex Variant
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 8749d449-480a-4ac9-84b0-d0bbdaf05d0e |
| Fingerprint | 98b21453adcb8871 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Nov. 7, 2024, midnight |
| Added to db | Nov. 12, 2024, 11:49 a.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | BitPaymer Source Code Fork: Meet DoppelPaymer Ransomware and Dridex 2.0 |
| Title | CrowdStrike Discovers New DoppelPaymer Ransomware & Dridex Variant |
| Detected Hints/Tags/Attributes | 76/1/48 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | File | 24 | arp.exe |
|
| Details | File | 33 | nslookup.exe |
|
| Details | File | 256 | net.exe |
|
| Details | File | 11 | dropbox.exe |
|
| Details | File | 74 | onenote.exe |
|
| Details | File | 4 | sidebar.exe |
|
| Details | File | 11 | cis.exe |
|
| Details | File | 67 | oracle.exe |
|
| Details | File | 5 | cistray.exe |
|
| Details | File | 14 | postgres.exe |
|
| Details | File | 5 | zonealarm.exe |
|
| Details | File | 3 | fortiwf.exe |
|
| Details | File | 8 | a2guard.exe |
|
| Details | File | 15 | nortonsecurity.exe |
|
| Details | File | 9 | a2service.exe |
|
| Details | File | 10 | bullguard.exe |
|
| Details | File | 8 | a2start.exe |
|
| Details | File | 4 | bullguardbhvscanner.exe |
|
| Details | File | 41 | avastsvc.exe |
|
| Details | File | 3 | bullguardscanner.exe |
|
| Details | File | 8 | avshadow.exe |
|
| Details | File | 4 | bullguardtray.exe |
|
| Details | File | 41 | avastui.exe |
|
| Details | File | 5 | bullguardupdate.exe |
|
| Details | File | 3 | fortiesnac.exe |
|
| Details | File | 15 | servicehost.exe |
|
| Details | File | 3 | fortiproxy.exe |
|
| Details | File | 11 | avira.sys |
|
| Details | File | 11 | tray.exe |
|
| Details | File | 3 | fortisslvpndaemon.exe |
|
| Details | File | 119 | avp.exe |
|
| Details | File | 6 | fortitray.exe |
|
| Details | File | 3 | mbcloudea.exe |
|
| Details | File | 14 | msascuil.exe |
|
| Details | File | 5 | nod32.exe |
|
| Details | File | 20 | wrsa.exe |
|
| Details | File | 45 | mcshield.exe |
|
| Details | sha256 | 2 | 51d8618ec86159327e883615ad8989c7638172cf801f65ab0367e5b2e6af596a |
|
| Details | sha256 | 10 | d4a0fe56316a2c45b9ba9ac1005363309a3edc7acf9e4df64d326a0ff273e80f |
|
| Details | sha256 | 2 | 0f97f6d53fff47914174bc3a05fb016e2c02ed0b43c827e5e5aadba2d244aecc |
|
| Details | sha256 | 2 | bfb7e62ba4ad5975e68a1beefb045cb72e056911fd7a8b070a15029dfcbbefe1 |
|
| Details | sha256 | 4 | bd2c2cf0631d881ed382817afcce2b093f4e412ffb170a719e2762f250abfea4 |
|
| Details | sha256 | 2 | 70211a3f90376bbc61f49c22a63075d1d4ddd53f0aefa976216c46e6ba39a9f4 |
|
| Details | sha256 | 2 | 813d8020f32fefe01b66bea0ce63834adef2e725801b4b761f5ea90ac4facd3a |
|
| Details | sha256 | 2 | 801b04a1504f167c25f568f8d7cbac13bdde6440a609d0dcd64ebe225c197f9b |
|
| Details | IPv4 | 2 | 2.0.0.78 |
|
| Details | IPv4 | 2 | 2.0.0.80 |
|
| Details | IPv4 | 2 | 4.0.0.87 |