ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Home > List all groups > List all tools > List all groups using tool BitPaymer

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: BitPaymer

TypeRansomware, Credential stealer, Big Game Hunting
Description(IBM) The submitted file is a custom packed BitPaymer ransomware loader that is designed to run on Windows 7 or above or any version of Windows server. The loader uses Alternate Data Streams to hide its tracks and service hijacking to maintain persistence. The loader uses RC4 to decrypt its configuration data.

The BitPaymer ransomware is used to encrypt files based on the settings from the configuration data. It has the ability to encrypt local and remote disks and can whitelist various file types that are not to be encrypted. The ransom note follows the same general outline as that of other ransomware families; however, BitPaymer is customized to the company or victim being attacked and contains their names in the configuration data itself.
AlienVault OTX<>

Last change to this tool card: 14 July 2020

Download this tool card in JSON format

All groups using tool BitPaymer


APT groups

 Indrik SpiderRussia2014-Dec 2021X

1 group listed (1 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]