Dev-0832

Malware Profile Updated 24 days ago
Dev-0832 is malicious software (malware) that has been observed in multiple compromises, notably impacting the US education sector. The malware infiltrates systems via suspicious downloads, emails, or websites; once installed, it can steal personal information, disrupt operations, or hold data hostage for ransom. A specific command, "powershell.exe ntdsutil.exe 'ac i ntds' ifm 'create full c:\temp_l0gs' q q", has been identified in numerous breaches associated with Dev-0832. Microsoft reported this PowerShell command being leveraged in Vice Society compromises by the same cluster, highlighting its widespread use.

There is an evident correlation between the activities of Vice Society (identified as DEV-0832) and the deployment of Rhysida ransomware. This connection was drawn after observing similar patterns of compromise and exploitation, and open source reporting has confirmed the similarities between Vice Society (DEV-0832) activity and the actors deploying Rhysida ransomware. Rhysida ransomware is known for its destructive capabilities, making this link particularly concerning for targeted sectors.

Furthermore, there is evidence that Rhysida actors operate in a ransomware-as-a-service (RaaS) model, in which ransomware tools and infrastructure are leased out, allowing other malicious actors to carry out attacks under a profit-sharing agreement. This underscores the sophisticated nature of these cyber threats and the need for robust cybersecurity measures.
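The ntdsutil command quoted above is the one a defender most wants to catch: "ac i ntds" is ntdsutil's abbreviated "activate instance ntds", and "ifm create full" writes an Install From Media copy of the Active Directory database (NTDS.dit, together with the SYSTEM hive) to the named directory. The following is an added detection example, not code from the profile or from any vendor product. It runs a normalised pattern match over constructed process-creation records in the shape of Sysmon Event ID 1 / Windows 4688 fields (host, user, parent, image, cmdline are assumed field names); the first record reproduces the command line from the profile, the others are constructed benign and variant invocations.

```python
import re
from dataclasses import dataclass

# Constructed sample process-creation events; not taken from a real environment.
# Event 0 reproduces the command line quoted in the Dev-0832 profile.
SAMPLE_EVENTS = [
    {"host": "dc01", "user": "CORP\\svc_backup",
     "parent": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "image": "C:\\Windows\\System32\\ntdsutil.exe",
     "cmdline": "powershell.exe ntdsutil.exe 'ac i ntds' ifm 'create full c:\\temp_l0gs' q q"},
    {"host": "dc02", "user": "CORP\\admin",
     "parent": "C:\\Windows\\System32\\cmd.exe",
     "image": "C:\\Windows\\System32\\ntdsutil.exe",
     "cmdline": 'ntdsutil.exe "activate instance ntds" "ifm" "create full C:\\ifm" quit quit'},
    {"host": "ws07", "user": "CORP\\jdoe",
     "parent": "C:\\Windows\\explorer.exe",
     "image": "C:\\Windows\\System32\\notepad.exe",
     "cmdline": "notepad.exe C:\\Users\\jdoe\\notes.txt"},
    {"host": "dc01", "user": "CORP\\admin",
     "parent": "C:\\Windows\\System32\\cmd.exe",
     "image": "C:\\Windows\\System32\\ntdsutil.exe",
     # ntdsutil used for a read-only integrity query: no IFM media is created.
     "cmdline": 'ntdsutil.exe "activate instance ntds" files info quit quit'},
]

_WS = re.compile(r"\s+")
# ntdsutil accepts abbreviated sub-commands, so match both long and short forms.
_ACTIVATE = re.compile(r"\b(ac|activate) (i|instance) ntds\b")
_IFM_CREATE = re.compile(r"\bifm\b.*\bcreate (sysvol )?(full|rodc)\b")


def normalize(cmdline: str) -> str:
    """Lower-case, strip the quotes that group ntdsutil sub-commands, collapse whitespace."""
    return _WS.sub(" ", cmdline.replace("'", " ").replace('"', " ")).strip().lower()


def is_ntds_ifm_dump(cmdline: str) -> bool:
    """True when the command line drives ntdsutil to create IFM media (a NTDS.dit copy)."""
    n = normalize(cmdline)
    if "ntdsutil" not in n:
        return False
    # "activate instance" alone is also used for benign queries (see event 3),
    # so the IFM create step is what actually decides the verdict.
    return _IFM_CREATE.search(n) is not None and (_ACTIVATE.search(n) is not None or True)


@dataclass
class Finding:
    host: str
    user: str
    parent: str
    cmdline: str


def hunt(events):
    """Return one Finding per event whose command line creates NTDS IFM media."""
    return [Finding(e["host"], e["user"], e["parent"], e["cmdline"])
            for e in events if is_ntds_ifm_dump(e["cmdline"])]


if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"{f.host} {f.user} parent={f.parent}\n    {f.cmdline}")
```

Legitimate IFM creation does happen (staging media to promote a new domain controller), so the finding is a triage lead rather than a verdict: the parent process (powershell.exe or cmd.exe rather than an administrative tool), the account, and whether the output directory is an unusual path like the one in the profile are what separate DC staging from credential-database theft.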
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you may also want to look at.
ID    Votes    Profile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
ID    Type    Votes    Profile Description
No associations to display
Associated Threat Actors
ID    Type    Votes    Profile Description
No associations to display
Associated Vulnerabilities
ID    Type    Votes    Profile Description
No associations to display
Source Document References
Information about the Dev-0832 malware was read from the document corpus below.
Source     Created At      Title
CERT-EU    6 months ago    Same threats, different ransomware
CERT-EU    6 months ago    Welsh Company Owens Group Falls Victim to Devastating Breach After Cyberattack From 'Dark Web'
CERT-EU    6 months ago    Slovenian power company hit by ransomware - Help Net Security