Diavol

Malware updated 7 months ago (2024-05-04T20:18:52.307Z)
Diavol is ransomware: it encrypts data on the systems it reaches and holds that data hostage for payment. It typically enters through the usual channels of suspicious downloads, email attachments and compromised websites, often without the user noticing. Once inside, it can exfiltrate personal information, disrupt operations and encrypt files for ransom. Emsisoft has developed a decryption tool for Diavol, and guides are available that walk affected users through removing the ransomware from their systems.

The group behind Diavol expanded its operations over time, developing and operating new malware families such as BazarLoader and Anchor, which were used to gain a foothold in victim environments ahead of a ransomware deployment. The same actors also developed and operated the Ryuk, Conti and Diavol ransomware operations. In one notable intrusion, a BazarLoader infection led to the deployment of Diavol ransomware, illustrating the group's adaptability to the evolving ransomware economy. More recently, an attempted attack used the same version of AdFind to deliver the Diavol payload. The group has also upgraded components of its tooling, including its web-inject and Virtual Network Computing (VNC) modules, and possibly the new Diavol ransomware itself. Researchers have found links between the Karakurt and Diavol groups and Conti, revealing a network of actors working together. At the same time, similarities observed between Diavol's ransom notes and those of other ransomware families may be red herrings deliberately planted by Diavol's authors.
Description last updated: 2024-05-04T20:05:11.041Z
Aliases: none currently tracked.
Miscellaneous Associations (other elements of context that could aid in the identification of relevance): Ransomware, Ransom
Associated Malware
Each entry lists the associated malware, its association type with Diavol, the vote count, and the (truncated) description as it appears on the page.

Conti (association type: Unspecified; votes: 3)
Conti is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. Often spreading through suspicious downloads, emails, or websites, it can steal personal information, disrupt operations, or hold data hostage for ransom. Notably, Conti was linked to several ra

BazarLoader (association type: Unspecified; votes: 3)
BazarLoader is a type of malware developed by the TrickBot group, primarily used to gain initial access to a victim's infrastructure in ransomware attacks. This malware has been associated with various threat groups, including ITG23, which has used BazarLoader alongside other malware like Trickbot a

Bumblebee (association type: Unspecified; votes: 2)
Bumblebee is a type of malware that has been linked to ITG23, a cyber threat group. Over the past year, it has been used in conjunction with other initial access malwares such as Emotet, IcedID, Qakbot, and Gozi during ITG23 attacks. The same values for self-signed certificates seen in Bumblebee hav

Ryuk (association type: Unspecified; votes: 2)
Ryuk is a type of malware known as ransomware, which has been utilized by the threat group ITG23 for several years. This group has been notorious for crypting their malware, with crypters seen in use with other malware such as Trickbot, Emotet, Cobalt Strike, and Ryuk. In 2019, most ransomware inves