Devos

Malware Profile Updated 24 days ago
Download STIX
Preview STIX
Devos is a variant of Phobos ransomware, a type of malware that infects systems and holds data hostage for ransom. It is closely linked to other variants such as Elking, Eight, Backmydata, and Faust ransomware due to similar Tactics, Techniques, and Procedures (TTPs) observed in their intrusions. Open source reporting suggests that these variants, including Devos, are among the most common forms of Phobos ransomware based on frequency of appearance across analyzed samples. The affiliates of Devos, along with others like Eight, Elbie, Eking, and Faust, have been observed using various email providers, some of which include gmx[.]com, tutanota[.]com, aol[.]com, and protonmail[.]com. In addition to email, Devos affiliates have also used instant messaging applications like QQ[.]com, a Chinese platform, and ICQ, owned by a Russian company, for communication and possibly for coordinating attacks or sharing information. The Devos malware has been associated with numerous file extensions such as faust, actin, DIKE, Acton, and others. These extensions may be used to identify files that have been encrypted by the ransomware, marking them as inaccessible until a ransom is paid. It's important to note that this information is crucial for cybersecurity professionals aiming to protect systems from these types of threats and to develop effective countermeasures.
What's your take? (Question 1 of 4)
61855784-1215-4732-8223-4750cb1bce6b Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Phobos
4
Phobos is a type of malware, specifically a ransomware that has been causing significant disruptions in the cyber world. The malicious software operates by infiltrating systems through suspicious downloads, emails, or websites without user awareness. Once inside, it can steal personal information, d
Faust
4
Faust is a newly discovered variant of the Phobos ransomware, an evolution of the Dharma/Crysis ransomware. It shares similar Tactics, Techniques, and Procedures (TTPs) with other variants such as Elking, Eight, Devos, and Backmydata, indicating a likely connection between them. Researchers from For
Elking
2
Elking is a type of malware, specifically a variant of the Phobos ransomware. Malware is a harmful program designed to exploit and damage computer systems, often infiltrating them via suspicious downloads, emails, or websites. Once inside a system, it can steal personal information, disrupt operatio
Eking
2
Eking is a malware, specifically a variant of the Phobos ransomware family. Malware, or malicious software, is designed to infiltrate and damage computers without the users' consent. Eking can infect systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once insid
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Devos Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CERT-EU
3 months ago
The Federal School Safety Commission in Six Key Takeaways | #schoolsaftey | National Cyber Security Consulting
CERT-EU
6 months ago
Understanding the Phobos affiliate structure and activity
CISA
3 months ago
#StopRansomware: Phobos Ransomware | CISA
CERT-EU
a year ago
Pentagon’s Secret Service Trawls Social Media for Mean Tweets About Generals
CERT-EU
7 months ago
Keynote Conversation: Backing the Mavericks and Mad Scientists the Nation Needs Now
Securityaffairs
3 months ago
US cyber and law enforcement agencies warn of Phobos ransomware attacks
CERT-EU
8 months ago
Phobos Ransomware: Everything You Need to Know and More
Fortinet
4 months ago
Another Phobos Ransomware Variant Launches Attack – FAUST | FortiGuard Labs
CERT-EU
3 months ago
CISA & FBI Releases TTPs & IOCs Used by Phobos Ransomware Group | #ransomware | #cybercrime | National Cyber Security Consulting
CERT-EU
3 months ago
Ongoing Phobos ransomware threat prompts federal warning