Diavol

Malware updated 23 days ago (2024-11-29T14:22:07.050Z)
Download STIX
Preview STIX
Diavol is a type of malware, specifically ransomware, that infiltrates systems to exploit and cause damage. It can infect systems through various channels such as suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, Diavol can steal personal information, disrupt operations, or hold data hostage for ransom. A decryption tool has been developed by Emsisoft to combat this threat, with guides available for users to navigate the process of removing the ransomware from their systems. The group behind Diavol expanded its operations over time, developing and operating new forms of malware like BazarLoader and Anchor. These were used to gain a foothold in victim environments for subsequent ransomware attacks. The same actors also developed and operated the Ryuk, Conti, and Diavol ransomware operations. In one notable intrusion, a BazarLoader infection resulted in the deployment of Diavol Ransomware, showcasing the group's adaptability to the evolving ransomware economy. More recently, an attack was attempted using the same version of AdFind to deliver the Diavol payload. The group has also upgraded components of its operations, including web-inject and Virtual Network Computing modules, and possibly the new Diavol ransomware. Notably, researchers found links between the Karakurt and Diavol groups and Conti, revealing a network of malicious actors working together. Despite these advancements, some similarities have been noted in the ransom notes of different ransomware, suggesting potential red herrings planted by Diavol’s authors.
Description last updated: 2024-05-04T20:05:11.041Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Ransom
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Conti Malware is associated with Diavol. Conti is a type of malware, specifically ransomware, which is designed to infiltrate and damage computer systems. This malicious software can enter systems through various methods such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personaUnspecified
3
The Bazarloader Malware is associated with Diavol. BazarLoader is a type of malware developed by the TrickBot group, primarily used to gain initial access to a victim's infrastructure in ransomware attacks. This malware has been associated with various threat groups, including ITG23, which has used BazarLoader alongside other malware like Trickbot aUnspecified
3
The Bumblebee Malware is associated with Diavol. Bumblebee is a type of malware that has been linked to ITG23, a cyber threat group. Over the past year, it has been used in conjunction with other initial access malwares such as Emotet, IcedID, Qakbot, and Gozi during ITG23 attacks. The same values for self-signed certificates seen in Bumblebee havUnspecified
2
The Ryuk Malware is associated with Diavol. Ryuk is a type of malware known as ransomware, which has been utilized by the threat group ITG23 for several years. This group has been notorious for crypting their malware, with crypters seen in use with other malware such as Trickbot, Emotet, Cobalt Strike, and Ryuk. In 2019, most ransomware invesUnspecified
2