URL: https://www.secureworks.com/research/threat-profiles/gold-heron

GOLD HERON

Thematic area: Cybercrime
Objectives: Financial Gain, Ransomware
Aliases: (none listed)
Tools: Cobalt Strike, DoppelPaymer, Dridex, PowerShell Empire

GOLD HERON is a financially motivated cybercriminal group responsible for
distributing the DoppelPaymer and Grief ransomware families. CTU researchers
assess with moderate confidence that GOLD HERON consists of former operators
from the GOLD DRAKE threat group. At the time of the split, GOLD DRAKE operated
both the BitPaymer ransomware and the Dridex botnet, and GOLD HERON is thought
to possess the source code for both malware families. GOLD HERON adopted the
name DoppelPaymer for its ransomware after security researchers used that
moniker to refer to it publicly. Its intrusions rely largely on a modified
Dridex variant, colloquially referred to as Dridex 2.0, for both initial access
and lateral movement. GOLD HERON delivers Dridex onto victims' networks through
spam email, sometimes sent via the Cutwail v2 botnet. The group frequently
deploys PowerShell Empire or Cobalt Strike into the environment to augment
Dridex's capabilities.
© 2021 Secureworks, Inc.