Devos

Malware updated 4 months ago (2024-05-04T19:22:50.331Z)

Download STIX

Preview STIX

Devos is a variant of Phobos ransomware, a type of malware that infects systems and holds data hostage for ransom. It is closely linked to other variants such as Elking, Eight, Backmydata, and Faust ransomware due to similar Tactics, Techniques, and Procedures (TTPs) observed in their intrusions. Open source reporting suggests that these variants, including Devos, are among the most common forms of Phobos ransomware based on frequency of appearance across analyzed samples. The affiliates of Devos, along with others like Eight, Elbie, Eking, and Faust, have been observed using various email providers, some of which include gmx[.]com, tutanota[.]com, aol[.]com, and protonmail[.]com. In addition to email, Devos affiliates have also used instant messaging applications like QQ[.]com, a Chinese platform, and ICQ, owned by a Russian company, for communication and possibly for coordinating attacks or sharing information. The Devos malware has been associated with numerous file extensions such as faust, actin, DIKE, Acton, and others. These extensions may be used to identify files that have been encrypted by the ransomware, marking them as inaccessible until a ransom is paid. It's important to note that this information is crucial for cybersecurity professionals aiming to protect systems from these types of threats and to develop effective countermeasures.

Description last updated: 2024-05-04T18:02:54.908Z

What's your take? (Question 1 of 4)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.

ID	Votes	Profile Description
Phobos	4	Phobos is a type of malware, specifically ransomware, that infiltrates computer systems with the intent to disrupt operations, steal personal information, or hold data hostage for ransom. The malicious software can infect devices through suspicious downloads, emails, or websites, often without the u
Faust	4	Faust is a newly discovered variant of the Phobos ransomware, an evolution of the Dharma/Crysis ransomware. It shares similar Tactics, Techniques, and Procedures (TTPs) with other variants such as Elking, Eight, Devos, and Backmydata, indicating a likely connection between them. Researchers from For
Elking	2	Elking is a type of malware, specifically a variant of the Phobos ransomware. Malware is a harmful program designed to exploit and damage computer systems, often infiltrating them via suspicious downloads, emails, or websites. Once inside a system, it can steal personal information, disrupt operatio
Eking	2	Eking is a malware, specifically a variant of the Phobos ransomware family. Malware, or malicious software, is designed to infiltrate and damage computers without the users' consent. Eking can infect systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once insid

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Ransomware

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the Devos Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CERT-EU	6 months ago	The Federal School Safety Commission in Six Key Takeaways \| #schoolsaftey \| National Cyber Security Consulting
CERT-EU	a year ago	Phobos Ransomware: Everything You Need to Know and More
CERT-EU	10 months ago	Understanding the Phobos affiliate structure and activity
Fortinet	7 months ago	Another Phobos Ransomware Variant Launches Attack – FAUST \| FortiGuard Labs
CERT-EU	10 months ago	Keynote Conversation: Backing the Mavericks and Mad Scientists the Nation Needs Now
CERT-EU	a year ago	Pentagon’s Secret Service Trawls Social Media for Mean Tweets About Generals
Securityaffairs	6 months ago	US cyber and law enforcement agencies warn of Phobos ransomware attacks
CISA	6 months ago	#StopRansomware: Phobos Ransomware \| CISA
CERT-EU	6 months ago	CISA & FBI Releases TTPs & IOCs Used by Phobos Ransomware Group \| #ransomware \| #cybercrime \| National Cyber Security Consulting
CERT-EU	6 months ago	Ongoing Phobos ransomware threat prompts federal warning