Dev-0832

Threat actor profile (updated 3 months ago)
DEV-0832 is the temporary designation Microsoft assigned to the threat actor cluster publicly tracked as Vice Society; it is an actor label rather than the name of a malware family. The cluster has been observed in multiple compromises, notably impacting the US education sector. It gains access through suspicious downloads, phishing email, or malicious websites and, once inside a network, steals personal information, disrupts operations, and holds data hostage for ransom.

A specific command line, "powershell.exe ntdsutil.exe 'ac i ntds' ifm 'create full c:\temp_l0gs' q q", has been identified in numerous breaches associated with DEV-0832. It runs the built-in ntdsutil.exe, activates the NTDS instance ('ac i ntds' is the abbreviated form of 'activate instance ntds'), and uses the Install From Media (IFM) menu to write a consistent copy of the Active Directory database (NTDS.dit) together with the SYSTEM registry hive to c:\temp_l0gs; those two files are enough to extract every domain account's password hashes offline. Microsoft reported this command in Vice Society intrusions attributed to DEV-0832, which makes ntdsutil IFM usage outside planned domain-controller promotion or backup work a high-value detection signal. The trailing 'q q' simply exits the two ntdsutil menus, and the output directory is attacker-chosen, so detections should not depend on the temp_l0gs path.

There is an evident correlation between DEV-0832 / Vice Society activity and the deployment of Rhysida ransomware: open-source reporting has confirmed similarities in the intrusion patterns, tooling, and exploitation used by Vice Society and by the actors deploying Rhysida. Rhysida encrypts victim data and is used alongside data theft and extortion, which makes this link particularly concerning for the sectors DEV-0832 already targets. There is also evidence that Rhysida actors operate in a ransomware-as-a-service (RaaS) model, in which the ransomware tooling and infrastructure are leased to affiliates who carry out the intrusions under a profit-sharing agreement. One practical consequence for defenders is that the same ransomware family may be deployed by affiliates with different tradecraft, so detection should key on intrusion behaviours such as the ntdsutil command above rather than only on the ransomware binary.
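As an added example (not part of this profile, and not code from Microsoft or from the vendor publishing it), the following Python detector scans process-creation command lines, as they would appear in Sysmon Event ID 1 or Windows Security event 4688, for the ntdsutil IFM pattern described above. The sample events are constructed for the example. ntdsutil accepts unambiguous keyword prefixes ("ac i ntds", "cr fu"), so the matcher accepts any prefix down to one character; that generosity is a deliberate detection-side assumption, and the MITRE ATT&CK tag T1003.003 (OS Credential Dumping: NTDS) is the label an analyst would attach to the finding.

```python
"""Flag ntdsutil 'Install From Media' (IFM) dumps of the AD database in process-creation logs."""
import re
from typing import Optional

# Constructed sample events (not real telemetry): command lines as logged at process creation.
SAMPLE_EVENTS = [
    {"host": "DC01", "user": r"CORP\svc_backup",
     "cmd": r"powershell.exe ntdsutil.exe 'ac i ntds' ifm 'create full c:\temp_l0gs' q q"},
    {"host": "DC01", "user": r"CORP\admin",
     "cmd": r'ntdsutil.exe "activate instance ntds" "ifm" "create full C:\Windows\Temp\x" quit quit'},
    {"host": "DC02", "user": r"CORP\admin",
     "cmd": r'C:\Windows\System32\ntdsutil.exe "ac i ntds" "ifm" "cr fu C:\ifm" q q'},
    {"host": "WS07", "user": r"CORP\alice",
     "cmd": r"powershell.exe -Command Get-Process ntdsutil"},          # only mentions the name
    {"host": "DC01", "user": r"CORP\admin",
     "cmd": r'ntdsutil.exe "activate instance ntds" "files" "info" q q'},  # benign admin use, no IFM
]


def _prefix(word: str) -> str:
    # ntdsutil accepts any unambiguous prefix of a keyword ("ac" for "activate").
    # Accepting every prefix down to one character is a deliberate over-approximation.
    return "(?:" + "|".join(re.escape(word[:n]) for n in range(len(word), 0, -1)) + ")"


NTDSUTIL = re.compile(r"\bntdsutil(?:\.exe)?\b")
ACTIVATE = re.compile(rf"\b{_prefix('activate')}\s+{_prefix('instance')}\s+ntds\b")
IFM = re.compile(r"\bifm\b")
# "create full <dir>" or "create sysvol full <dir>"; capture the output directory up to the
# next quit keyword (any prefix of "quit") or end of line.
CREATE = re.compile(
    rf"\b{_prefix('create')}\s+(?:{_prefix('sysvol')}\s+)?{_prefix('full')}\s+(.+?)"
    rf"(?=\s+{_prefix('quit')}\b|$)"
)
# Records when ntdsutil was wrapped in a shell, as in the DEV-0832 command line.
LAUNCHER = re.compile(r"^\s*(?:\S*\\)?(powershell|pwsh|cmd)(?:\.exe)?\b")


def normalize(cmd: str) -> str:
    # Quoting style varies between observed command lines ('...' vs "..."); strip quotes and
    # collapse whitespace so the keyword sequence can be matched positionally.
    return re.sub(r"\s+", " ", re.sub(r"""['"]""", " ", cmd)).strip().lower()


def detect_ntds_ifm_dump(event: dict) -> Optional[dict]:
    """Return a finding if the event's command line performs an IFM dump of NTDS.dit."""
    cmd = normalize(event["cmd"])
    if not (NTDSUTIL.search(cmd) and ACTIVATE.search(cmd) and IFM.search(cmd)):
        return None
    created = CREATE.search(cmd)
    if created is None:
        return None
    launcher = LAUNCHER.match(cmd)
    return {
        "rule": "ntdsutil_ifm_ntds_dump",
        "technique": "T1003.003",  # OS Credential Dumping: NTDS
        "host": event["host"],
        "user": event["user"],
        "output_dir": created.group(1),
        "launcher": launcher.group(1) if launcher else None,
    }


def scan(events) -> list:
    """Run the detector over a sequence of events and return the findings in order."""
    return [f for f in (detect_ntds_ifm_dump(e) for e in events) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

The first three sample events fire (the original DEV-0832 command line, the long-form keywords, and the abbreviated "cr fu" form); the last two do not, because a command that merely names ntdsutil, or that opens the "files" menu instead of "ifm", is not a database dump. The finding carries the attacker-chosen output directory so an analyst can collect or delete the staged copy of NTDS.dit.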
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions vary between vendors, so here are some possibly overlapping names / profiles you may also want to look at.
Rhysida Ransomware (1 vote): Rhysida ransomware is a type of malicious software that has been causing significant disruptions worldwide. The malware, which infiltrates systems via suspicious downloads, emails, or websites, is designed to exploit and damage computers or devices. Once inside, it can steal personal information, di
Vice Society (1 vote): Vice Society, a threat actor group known for its malicious activities, has been linked to a series of ransomware attacks targeting various sectors, most notably education and healthcare. Throughout 2022 and the first half of 2023, Vice Society, along with Royal Ransomware, were actively executing mu
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
RaaS
Ransomware
Associated Malware
No associations to display
Associated Threat Actors
Rhysida (type: unspecified, 1 vote): Rhysida, a threat actor known for executing malicious cyber activities, has been responsible for numerous ransomware attacks. The group has primarily targeted businesses and healthcare organizations, with notable instances including a disruptive attack on Ann & Robert H. Lurie Children's Hospital of
Associated Vulnerabilities
No associations to display
Source Document References
Information about DEV-0832 was read from the documents below.
Source / Created / Title
CERT-EU, 8 months ago: Welsh Company Owens Group Falls Victim to Devastating Breach After Cyberattack From 'Dark Web'
CERT-EU, 8 months ago: Same threats, different ransomware
CERT-EU, 8 months ago: Slovenian power company hit by ransomware - Help Net Security