Big Game Hunting: The Evolution of INDRIK SPIDER From Dridex Wire Fraud to BitPaymer Targeted Ransomware
Common Information
Type Value
UUID 952b9303-0f92-4dd6-8ada-f1440aac0f12
Fingerprint 84b41a5bac799651
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 7, 2024, midnight
Added to db Nov. 12, 2024, 11:47 a.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Detected Hints/Tags/Attributes 105/1/21
Attributes
Details Type #Events CTI Value
Details File 3
gpupdate.bat
Details File 1122
svchost.exe
Details File 478
lsass.exe
Details File 37
icacls.exe
Details File 21
takeown.exe
Details File 345
vssadmin.exe
Details File 256
net.exe
Details Pdb 2
s:\work\_bin\release-win32\wp_encrypt.pdb
Details Windows Registry Key 188
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Details Windows Registry Key 9
HKCU\Software\Classes\ms-settings\shell\open\command
Details Windows Registry Key 16
HKCU\Software\Classes\mscfile\shell\open\command