Eking

Malware Profile Updated 24 days ago
Eking is malware, specifically a variant of the Phobos ransomware family. Malware, or malicious software, is designed to infiltrate and damage computers without the users' consent. Eking can infect systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold your data hostage for ransom. The Eking variant, along with Eight, Elbie, Devos, and Faust, is among the most common Phobos variants based on the frequency of their appearance across analyzed samples. The cybersecurity research team at FortiGuard Labs has captured and reported several instances of Eking and other Phobos ransomware variants. Their deep analysis of these threats provides valuable insights into their behavior and potential countermeasures. Eking, in particular, has been extensively studied by FortiGuard Labs, as evidenced by their detailed reports available online. Moreover, the malware commonly communicates via numerous email providers, including but not limited to gmx[.]com, tutanota[.]com, aol[.]com, protonmail[.]com, and gmail[.]com, making detection and tracking more challenging.
The Eking malware is associated with an extensive list of file extensions including, but not limited to, faust, actin, DIKE, Acton, actor, Acuff, FILE, Acuna, fullz, MMXXII, GrafGrafel, kmrox, s0m1n, qos, cg, ext, rdptest, S0va, 6y8dghklp, SHTORM, NURRI, GHOST, FF6OM6, blue, NX, BACKJOHN, OWN, FS23, 2QZ3, top, blackrock, CHCRBO, G-STARS, faust, unknown, STEEL, worry, WIN, duck, fopra, unique, acute, adage, make, Adair, MLF, magic, Adame, banhu, banjo, Banks, Banta, Barak, Caleb, Cales, Caley, calix, Calle, Calum, Calvo, deuce, Dever, devil, Devoe, Devon, Devos, dewar, eight, eject, eking, Elbie, elbow, elder, phobos, help, blend, bqux, com, mamba, KARLOS, DDoS, phoenix, PLUT, karma, bbc, capital, wallet, lks, tech, s1g2n3a4l, murk, makop, ebaka, jook, logan, fiasko, gucci, decrypt, ooh, non, grt, lizard, flscrypt, sdk, 2023, and vhdv. This extensive list of associated file extensions underscores the broad reach and potential impact of Eking malware.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you may also want to look at.
ID | Votes | Profile Description
Devos | 2 | Devos is a variant of Phobos ransomware, a type of malware that infects systems and holds data hostage for ransom. It is closely linked to other variants such as Elking, Eight, Backmydata, and Faust ransomware due to similar Tactics, Techniques, and Procedures (TTPs) observed in their intrusions. Op
Phobos | 2 | Phobos is a type of malware, specifically a ransomware that has been causing significant disruptions in the cyber world. The malicious software operates by infiltrating systems through suspicious downloads, emails, or websites without user awareness. Once inside, it can steal personal information, d
Faust | 2 | Faust is a newly discovered variant of the Phobos ransomware, an evolution of the Dharma/Crysis ransomware. It shares similar Tactics, Techniques, and Procedures (TTPs) with other variants such as Elking, Eight, Devos, and Backmydata, indicating a likely connection between them. Researchers from For
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Eking Malware was read from the documents corpus below.
Source | Created At | Title
CERT-EU | 6 months ago | Understanding the Phobos affiliate structure and activity
Fortinet | 4 months ago | Another Phobos Ransomware Variant Launches Attack – FAUST | FortiGuard Labs
CERT-EU | 8 months ago | Phobos Ransomware: Everything You Need to Know and More