Dev-0832

Malware updated 4 months ago (2024-05-04T17:19:47.267Z)
Dev-0832 is malicious software (malware) that has been observed in multiple compromises, most notably in the US education sector. It reaches systems through suspicious downloads, emails, or websites, and once installed it can steal personal information, disrupt operations, or hold data hostage for ransom. The command "powershell.exe ntdsutil.exe 'ac i ntds' ifm 'create full c:\temp_l0gs' q q" has been identified in numerous breaches associated with Dev-0832; Microsoft reported the same PowerShell command being leveraged in Vice Society compromises by the same cluster, which shows how widely it is used. There is an evident correlation between the activity of Vice Society (tracked as DEV-0832) and the deployment of Rhysida ransomware, drawn from similar patterns of compromise and exploitation, and open source reporting has confirmed these similarities. Rhysida ransomware is known for its destructive capabilities, which makes this link particularly concerning for the targeted sectors. There is also evidence that Rhysida actors operate in a ransomware-as-a-service (RaaS) model, in which ransomware tools and infrastructure are leased to other malicious actors who carry out attacks under a profit-sharing agreement. This underscores the sophisticated nature of these threats and the need for robust cybersecurity measures.
Description last updated: 2023-11-29T08:10:59.182Z
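The ntdsutil command quoted above exports a full Install-From-Media (IFM) copy of the Active Directory database, which is why defenders alert on it in process-creation telemetry. The following detection logic is an added example, not code from the original page; the sample events are constructed, and it normalizes quoting so that the abbreviated form on this page ("ac i ntds") and the long form ("activate instance ntds") are matched alike.

```python
import re
import shlex

# Constructed sample process-creation events (not from the original page).
# The first command line is the one reported on this page for Dev-0832.
SAMPLE_EVENTS = [
    {"host": "dc01", "cmdline": "powershell.exe ntdsutil.exe 'ac i ntds' ifm 'create full c:\\temp_l0gs' q q"},
    {"host": "dc01", "cmdline": 'ntdsutil.exe "activate instance ntds" "ifm" "create full C:\\Windows\\Temp\\x" quit quit'},
    {"host": "dc02", "cmdline": 'ntdsutil.exe snapshot "list all" quit quit'},
    {"host": "ws07", "cmdline": "powershell.exe -Command Get-Process"},
]

# ntdsutil accepts abbreviated keywords, so both "create full" and "cr fu" are covered.
IFM_FULL = re.compile(r"\bifm\b.*\bcr(?:eate)?\s+fu(?:ll)?\b", re.IGNORECASE)
NTDS_INSTANCE = re.compile(r"\ba(?:c|ctivate)\s+i(?:nstance)?\s+ntds\b", re.IGNORECASE)


def normalize(cmdline: str) -> str:
    """Strip shell quoting and lower-case so differently quoted variants compare alike."""
    try:
        tokens = shlex.split(cmdline, posix=True)
    except ValueError:  # unbalanced quotes in a real command line: fall back to whitespace split
        tokens = cmdline.split()
    return " ".join(tokens).lower()


def is_ntds_ifm_dump(cmdline: str) -> bool:
    """True when the command drives ntdsutil to create a full IFM export of the NTDS instance."""
    norm = normalize(cmdline)
    if "ntdsutil" not in norm:
        return False
    return bool(IFM_FULL.search(norm) and NTDS_INSTANCE.search(norm))


def scan_events(events):
    """Return the hosts whose process-creation events match the NTDS IFM dump pattern."""
    return [e["host"] for e in events if is_ntds_ifm_dump(e["cmdline"])]


if __name__ == "__main__":
    print(scan_events(SAMPLE_EVENTS))  # ['dc01', 'dc01']
```

The same normalization can be fed from Sysmon Event ID 1 or Windows Security Event 4688 command-line fields; a hit on a domain controller outside of a scheduled backup window is worth an incident ticket.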
Aliases: We are not currently tracking any aliases.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Source Document References
Information about the Dev-0832 malware was read from the documents in the corpus below (display limited to 20 results).
Source | Created | Title
CERT-EU | 10 months ago | Welsh Company Owens Group Falls Victim to Devastating Breach After Cyberattack From 'Dark Web'
CERT-EU | 10 months ago | Same threats, different ransomware
CERT-EU | 9 months ago | Slovenian power company hit by ransomware - Help Net Security