Adversary: Doppel Spider

Origin: Eastern Europe, Russian Federation

Community Identifiers: N/A

Doppel Spider is a criminal actor group that has been operating since circa April 2019 and is responsible for the operation of the malware families named DoppelDridex and DoppelPaymer.

CrowdStrike Intelligence identified that DoppelPaymer is based on a fork of the BitPaymer source code and DoppelDridex is a modified version of the Dridex malware. BitPaymer and Dridex are developed and operated by the criminal actor Indrik Spider.

DoppelDridex is a fork of Indrik Spider's Dridex malware. DoppelDridex is being run as a parallel operation to Dridex, with a different malware versioning system, a different RSA key, and different infrastructure. In June 2019, parallel operations of BitPaymer and DoppelPaymer were identified; coupled with the significant code overlap between the two ransomware families, this indicates not only a fork of the BitPaymer code base, but two entirely separate operations.

CrowdStrike Intelligence assesses with high confidence that Doppel Spider has splintered from Indrik Spider and is now using forked malware code to run their own Big Game Hunting operations.

Doppel Spider became increasingly bold in its ransom demands through 2020, with ransoms often equating to several millions of USD and, in at least one case during 2020, a demand of over $1B USD.

Technical Tradecraft

  • P2P communications
  • DoppelDridex uses XOR/RSA/RC4 encryption
  • Use of Dridex modules during compromise of the victim’s network
  • Use of services to launch PowerShell Empire downloader scripts

Targeted Nations

  • Austria
  • Canada
  • Chile
  • China
  • France
  • Germany
  • Italy
  • Japan
  • Mexico
  • Qatar
  • Saudi Arabia
  • South Africa
  • Spain
  • Sweden
  • Switzerland
  • United Arab Emirates
  • United Kingdom
  • United States
