Devos

Malware Profile Updated 3 months ago

Download STIX

Preview STIX

Devos is a variant of Phobos ransomware, a type of malware that infects systems and holds data hostage for ransom. It is closely linked to other variants such as Elking, Eight, Backmydata, and Faust ransomware due to similar Tactics, Techniques, and Procedures (TTPs) observed in their intrusions. Open source reporting suggests that these variants, including Devos, are among the most common forms of Phobos ransomware based on frequency of appearance across analyzed samples. The affiliates of Devos, along with others like Eight, Elbie, Eking, and Faust, have been observed using various email providers, some of which include gmx[.]com, tutanota[.]com, aol[.]com, and protonmail[.]com. In addition to email, Devos affiliates have also used instant messaging applications like QQ[.]com, a Chinese platform, and ICQ, owned by a Russian company, for communication and possibly for coordinating attacks or sharing information. The Devos malware has been associated with numerous file extensions such as faust, actin, DIKE, Acton, and others. These extensions may be used to identify files that have been encrypted by the ransomware, marking them as inaccessible until a ransom is paid. It's important to note that this information is crucial for cybersecurity professionals aiming to protect systems from these types of threats and to develop effective countermeasures.

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.

ID	Votes	Profile Description
Phobos	4	Phobos is a type of malware, specifically a ransomware, that has been a significant cause for concern in the cyber security world. This malicious software infiltrates systems through dubious downloads, emails, or websites and can cause severe damage by stealing personal information, disrupting opera
Faust	4	Faust is a newly discovered variant of the Phobos ransomware, an evolution of the Dharma/Crysis ransomware. It shares similar Tactics, Techniques, and Procedures (TTPs) with other variants such as Elking, Eight, Devos, and Backmydata, indicating a likely connection between them. Researchers from For
Elking	2	Elking is a type of malware, specifically a variant of the Phobos ransomware. Malware is a harmful program designed to exploit and damage computer systems, often infiltrating them via suspicious downloads, emails, or websites. Once inside a system, it can steal personal information, disrupt operatio
Eking	2	Eking is a malware, specifically a variant of the Phobos ransomware family. Malware, or malicious software, is designed to infiltrate and damage computers without the users' consent. Eking can infect systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once insid
Backmydata	1	Backmydata is a variant of the Phobos ransomware family, a malicious software (malware) designed to exploit and damage computer systems. It has been used in sophisticated cyber-attacks on healthcare entities, notably hospitals. The landscape of such attacks is evolving, with groups like RansomHouse,
Elbie	1	Elbie is a variant of the Phobos malware, a malicious software designed to infiltrate and damage computer systems. It typically infects systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data hostage for ransom. Based on our anal

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Ransomware

School

Ddos

Phishing

Federal

Associated Malware

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
Ghost	Unspecified	1	Ghost is a type of malware, or malicious software, that infiltrates systems to exploit and cause damage. It is often disseminated through suspicious downloads, emails, or websites, and can steal personal information, disrupt operations, or hold data hostage for ransom. In 2020, there were plans for

Associated Threat Actors

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
No associations to display

Associated Vulnerabilities

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
Elbie Eking Faust	Unspecified	1	None

Source Document References

Information about the Devos Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source	CreatedAt	Title
CERT-EU	5 months ago	The Federal School Safety Commission in Six Key Takeaways \| #schoolsaftey \| National Cyber Security Consulting
CERT-EU	10 months ago	Phobos Ransomware: Everything You Need to Know and More
CERT-EU	8 months ago	Understanding the Phobos affiliate structure and activity
Fortinet	6 months ago	Another Phobos Ransomware Variant Launches Attack – FAUST \| FortiGuard Labs
CERT-EU	9 months ago	Keynote Conversation: Backing the Mavericks and Mad Scientists the Nation Needs Now
CERT-EU	a year ago	Pentagon’s Secret Service Trawls Social Media for Mean Tweets About Generals
Securityaffairs	5 months ago	US cyber and law enforcement agencies warn of Phobos ransomware attacks
CISA	5 months ago	#StopRansomware: Phobos Ransomware \| CISA
CERT-EU	5 months ago	CISA & FBI Releases TTPs & IOCs Used by Phobos Ransomware Group \| #ransomware \| #cybercrime \| National Cyber Security Consulting
CERT-EU	5 months ago	Ongoing Phobos ransomware threat prompts federal warning