Elbie

Malware Profile Updated 3 months ago
Elbie is a variant of the Phobos ransomware family. Like other Phobos variants, it typically reaches systems through suspicious downloads, emails, or websites and then encrypts data and holds it hostage for ransom; the operators may also steal personal information or disrupt operations along the way. Based on our analysis, Elbie, Eking, Eight, Devos, and Faust are the most common Phobos variants, appearing frequently across the samples we analyzed. In early 2023, Cisco Talos observed an intrusion associated with the Elbie variant. The threat actor first targeted the organization's Exchange server and then moved laterally, attempting to compromise additional server-side infrastructure including backup servers, database servers, and hypervisor hosts. That choice of targets shows the actors deploying Elbie go after recovery and virtualization infrastructure, not just endpoints. Like other Phobos variants, Elbie relies on free and privacy-oriented email providers for victim contact. These include but are not limited to gmx.com, tutanota.com, aol.com, onionmail.org, protonmail.com, zohomail.eu, cock.li, and mailfence.com. Unique identifiers such as ICQ@HONESTHORSE and ICQ@VIRTUALHORSE were also linked to these intrusions. Recognizing these contact patterns in ransom notes and other victim-facing communication can help detect and triage Elbie and related Phobos activity.
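As an added example (not code from this profile, from Cybergeist, or from Talos), the following Python script turns the contact indicators above into a triage heuristic: it extracts e-mail addresses and ICQ handles from recovered text such as a ransom note, flags addresses at the listed providers and the two known ICQ handles, and returns a coarse verdict. The domain and handle lists come from the paragraph above; the sample note, its addresses, and the scoring thresholds are constructed for illustration.

```python
import re

# Contact e-mail domains the profile above lists for Phobos/Elbie operators.
PHOBOS_CONTACT_DOMAINS = {
    "gmx.com", "tutanota.com", "aol.com", "onionmail.org",
    "protonmail.com", "zohomail.eu", "cock.li", "mailfence.com",
}

# ICQ handles the profile links to Elbie intrusions.
KNOWN_ICQ_HANDLES = {"ICQ@HONESTHORSE", "ICQ@VIRTUALHORSE"}

# An e-mail address needs a dotted domain, so "ICQ@HONESTHORSE" is not matched here.
EMAIL_RE = re.compile(
    r"\b[A-Za-z0-9._%+-]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,})\b"
)
# ICQ handles are written as ICQ@<name>; match case-insensitively, normalise later.
ICQ_RE = re.compile(r"\bICQ@[A-Za-z0-9_]+", re.IGNORECASE)


def extract_contacts(text):
    """Return (sorted lower-cased e-mail addresses, sorted upper-cased ICQ handles)."""
    emails = sorted({m.group(0).lower() for m in EMAIL_RE.finditer(text)})
    handles = sorted({m.group(0).upper() for m in ICQ_RE.finditer(text)})
    return emails, handles


def classify_note(text):
    """Score recovered text against the Phobos contact indicators.

    Verdicts (thresholds are an illustrative choice, not from the profile):
      "high"   - a known ICQ handle AND an address at a listed domain
      "medium" - only one of the two indicator classes is present
      "none"   - neither is present
    """
    emails, handles = extract_contacts(text)
    flagged_emails = [e for e in emails if e.rsplit("@", 1)[1] in PHOBOS_CONTACT_DOMAINS]
    known_handles = [h for h in handles if h in KNOWN_ICQ_HANDLES]
    if flagged_emails and known_handles:
        verdict = "high"
    elif flagged_emails or known_handles:
        verdict = "medium"
    else:
        verdict = "none"
    return {
        "emails": emails,
        "flagged_emails": flagged_emails,
        "icq_handles": handles,
        "known_icq_handles": known_handles,
        "verdict": verdict,
    }


# Constructed sample note for demonstration: the addresses are made up and are
# not indicators from the profile or from any real incident.
SAMPLE_NOTE = """All your files have been encrypted!
To restore them, write to: recovery.helper@onionmail.org
Reserve e-mail: recovery.helper@cock.li
Or contact us on ICQ: ICQ@HonestHorse
"""

# Constructed benign text: an ordinary domain and no ICQ handle.
BENIGN_TEXT = "For help with your account contact support@example.com."

if __name__ == "__main__":
    for label, text in (("sample note", SAMPLE_NOTE), ("benign text", BENIGN_TEXT)):
        result = classify_note(text)
        print(f"{label}: verdict={result['verdict']} "
              f"emails={result['flagged_emails']} icq={result['known_icq_handles']}")
```

The free-mail domain list on its own is weak evidence, since legitimate users also rely on these providers; the script therefore only reports "high" when a listed domain co-occurs with a known handle, and a "medium" hit should be treated as a pivot for further checking rather than as attribution.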
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions are hard to track across vendors, so here are some possibly overlapping names and profiles you may also want to look at.
ID | Votes | Profile Description
Devos | 1 | Devos is a variant of Phobos ransomware, a type of malware that infects systems and holds data hostage for ransom. It is closely linked to other variants such as Eking, Eight, Backmydata, and Faust ransomware due to similar Tactics, Techniques, and Procedures (TTPs) observed in their intrusions. Op
Phobos | 1 | Phobos is a type of malware, specifically a ransomware, that has been a significant cause for concern in the cyber security world. This malicious software infiltrates systems through dubious downloads, emails, or websites and can cause severe damage by stealing personal information, disrupting opera
Eking | 1 | Eking is a malware, specifically a variant of the Phobos ransomware family. Malware, or malicious software, is designed to infiltrate and damage computers without the users' consent. Eking can infect systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once insid
Faust | 1 | Faust is a newly discovered variant of the Phobos ransomware, an evolution of the Dharma/Crysis ransomware. It shares similar Tactics, Techniques, and Procedures (TTPs) with other variants such as Eking, Eight, Devos, and Backmydata, indicating a likely connection between them. Researchers from For
Miscellaneous Associations
Other contextual elements that could help establish relevance
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
Elbie Eking Faust | Unspecified | 1 | None
Source Document References
Information about the Elbie malware was read from the documents corpus below. This display is limited to 20 results.
Source | Created at | Title
CERT-EU | 8 months ago | Understanding the Phobos affiliate structure and activity