Devos

Malware updated 5 days ago (2024-11-29T14:26:28.399Z)
Devos is a variant of the Phobos ransomware, a type of malicious software designed to exploit and damage computer systems. According to open-source reports, Devos is likely connected to numerous other variants such as Elking, Eight, Backmydata, and Faust due to similar Tactics, Techniques, and Procedures (TTPs) observed in Phobos intrusions. In addition to Devos, Eking, Eight, Elbie, and Faust are the most common Phobos variants, appearing most frequently across analyzed samples. These variants can infiltrate systems through suspicious downloads, emails, or websites, often without user knowledge, and then proceed to steal personal information, disrupt operations, or hold data for ransom.

The affiliates of Devos have been observed using various email providers, with QQ[.]com, a Chinese instant messaging application, and ICQ, an instant messaging service owned by a Russian company, being the most notable ones. The broad range of email domains used by these affiliates suggests a complex and wide-reaching infrastructure supporting their activities. Furthermore, it was noted that Devos and its affiliates also use a variety of file extensions, including but not limited to 'faust', 'actin', 'DIKE', 'Acuna', 'fullz', 'GrafGrafel', 'kmrox', 's0m1n', 'qos', 'cg', and 'ext'. This diversity in file extensions further demonstrates the adaptability and sophistication of this malware variant.

In March 2024, the US Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) issued a joint cybersecurity advisory to warn of attacks involving Phobos ransomware variants like Devos, Eight, Elking, and Faust. This advisory indicates the serious threat these ransomware variants pose to cybersecurity and emphasizes the need for robust protective measures against them. The ongoing activities of Devos and its affiliates highlight the persistent and evolving nature of cyber threats in our increasingly digital world.
Description last updated: 2024-11-21T10:25:30.083Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias, description, and votes:

Phobos (4 votes). Phobos is a possible alias for Devos. Phobos is a form of malware, specifically ransomware, that has been active since May 2019. The operation utilizes a ransomware-as-a-service (RaaS) model and is responsible for numerous cyber attacks worldwide. Threat actors behind Phobos gained initial access to vulnerable networks through phishing

Faust (4 votes). Faust is a possible alias for Devos. Faust is a variant of the Phobos ransomware family, which has been linked to several other variants such as Elking, Eight, Devos, and Backmydata due to similarities in their tactics, techniques, and procedures (TTPs). The malware, Faust, represents a malicious software designed to exploit and damage

Elking (2 votes). Elking is a possible alias for Devos. Elking is a type of malware, specifically a variant of the Phobos ransomware. Phobos itself is an evolution of the Dharma/Crysis ransomware and is connected to several other variants, including Elking, Eight, Devos, Backmydata, and Faust ransomware. This connection is established based on the simila

Eking (2 votes). Eking is a possible alias for Devos. Eking is a malware, specifically a variant of the Phobos ransomware family. Malware, or malicious software, is designed to infiltrate and damage computers without the users' consent. Eking can infect systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once insid
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance: Ransomware