Devos

Malware updated 5 months ago (2024-05-04T19:22:50.331Z)
Download STIX
Preview STIX
Devos is a variant of Phobos ransomware, a type of malware that infects systems and holds data hostage for ransom. It is closely linked to other variants such as Elking, Eight, Backmydata, and Faust ransomware due to similar Tactics, Techniques, and Procedures (TTPs) observed in their intrusions. Open source reporting suggests that these variants, including Devos, are among the most common forms of Phobos ransomware based on frequency of appearance across analyzed samples. The affiliates of Devos, along with others like Eight, Elbie, Eking, and Faust, have been observed using various email providers, some of which include gmx[.]com, tutanota[.]com, aol[.]com, and protonmail[.]com. In addition to email, Devos affiliates have also used instant messaging applications like QQ[.]com, a Chinese platform, and ICQ, owned by a Russian company, for communication and possibly for coordinating attacks or sharing information. The Devos malware has been associated with numerous file extensions such as faust, actin, DIKE, Acton, and others. These extensions may be used to identify files that have been encrypted by the ransomware, marking them as inaccessible until a ransom is paid. It's important to note that this information is crucial for cybersecurity professionals aiming to protect systems from these types of threats and to develop effective countermeasures.
Description last updated: 2024-05-04T18:02:54.908Z
What's your take? (Question 1 of 4)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Phobos is a possible alias for Devos. Phobos is a type of malware, specifically ransomware, that has been causing significant cybersecurity concerns. Ransomware is a malicious software that infects systems, often without the user's knowledge, via suspicious downloads, emails, or websites. Once inside, it can disrupt operations and hold
4
Faust is a possible alias for Devos. Faust is a newly discovered variant of the Phobos ransomware, an evolution of the Dharma/Crysis ransomware. It shares similar Tactics, Techniques, and Procedures (TTPs) with other variants such as Elking, Eight, Devos, and Backmydata, indicating a likely connection between them. Researchers from For
4
Elking is a possible alias for Devos. Elking is a type of malware, specifically a variant of the Phobos ransomware. Malware is a harmful program designed to exploit and damage computer systems, often infiltrating them via suspicious downloads, emails, or websites. Once inside a system, it can steal personal information, disrupt operatio
2
Eking is a possible alias for Devos. Eking is a malware, specifically a variant of the Phobos ransomware family. Malware, or malicious software, is designed to infiltrate and damage computers without the users' consent. Eking can infect systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once insid
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.