From 9707a5eb0e17d6b849fd0c167a3bec4d4bab9e0d Mon Sep 17 00:00:00 2001
From: rmkml
Date: Wed, 6 Nov 2019 20:41:43 +0100
Subject: [PATCH] Add DoppelPaymer Ransomware
---
 clusters/ransomware.json | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index 9e47f79..edd6d72 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -13533,7 +13533,19 @@
 },
 "uuid": "4cea4448-1d3c-111a-40af-011d461260b4",
 "value": "Freeme"
+ },
+ {
+ "description": "We have dubbed this new ransomware DoppelPaymer because it shares most of its code with the BitPaymer ransomware operated by INDRIK SPIDER. However, there are a number of differences between DoppelPaymer and BitPaymer, which may signify that one or more members of INDRIK SPIDER have split from the group and forked the source code of both Dridex and BitPaymer to start their own Big Game Hunting ransomware operation.",
+ "meta": {
+ "encryption": "AES",
+ "refs": [
+ "https://www.crowdstrike.com/blog/doppelpaymer-ransomware-and-dridex-2/",
+ "https://malpedia.caad.fkie.fraunhofer.de/details/win.doppelpaymer"
+ ]
+ },
+ "uuid": "5cea5548-1e3c-222a-3faf-022d461260b5",
+ "value": "DoppelPaymer"
 }
 ],
- "version": 69
+ "version": 70
 }
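Review bot: The new entry's `"uuid": "5cea5548-1e3c-222a-3faf-022d461260b5"` appears to have been produced by hand-editing the preceding Freeme uuid (each group is the Freeme group with its digits bumped) rather than generated, and its version nibble (`2`) and variant nibble (`3`) do not match the random RFC 4122 v4 UUIDs that MISP galaxy entries are normally keyed with. A uuid derived this way is guessable and, if the same shortcut is repeated in another cluster, liable to collide; consumers dedupe and cross-reference galaxy entries by uuid, so a collision would silently merge unrelated entries. Replace it with a freshly generated value, e.g. `"uuid": "<generated-uuidv4>"` produced by `uuidgen` or `python3 -c 'import uuid; print(uuid.uuid4())'`. Separately, the `"description"` is a verbatim first-person quote from the CrowdStrike post ("We have dubbed …"), so it reads as the galaxy's own claim; rephrasing it in the third person or attributing the quote would keep the provenance clear.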