Elking

Malware updated 5 days ago (2024-11-29T13:36:45.940Z)
Elking is a variant of the Phobos ransomware. Phobos itself is an evolution of the Dharma/Crysis ransomware and is connected to several other variants, including Elking, Eight, Devos, Backmydata, and Faust. This connection is based on the similar tactics, techniques, and procedures (TTPs) observed in intrusions involving these variants. Malware like Elking can infiltrate systems via dubious downloads, emails, or websites, often without the user's knowledge, and can cause significant harm by stealing personal information, disrupting operations, or holding data hostage for ransom.

In March 2024, US government agencies including the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) issued a joint cybersecurity advisory (CSA) warning of attacks involving Phobos ransomware and its associated variants, such as Elking. According to the FBI and CISA, Phobos ransomware operates in conjunction with various open-source tools such as Smokeloader, Cobalt Strike, and Bloodhound, which further complicates the threat landscape. The advisory followed an increase in reported attacks linked to these ransomware variants. It aimed to raise awareness among organizations and individuals of the threats posed by these variants and to advise them on appropriate preventive measures. The shared TTPs among these ransomware variants underline the importance of comprehensive cybersecurity measures to protect against a range of interconnected threats.
Description last updated: 2024-11-21T10:25:32.088Z
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so the following are possible overlapping names and profiles that may also be worth reviewing.
Alias / Description / Votes

Phobos [3 votes]: Phobos is a possible alias for Elking. Phobos is a form of malware, specifically ransomware, that has been active since May 2019. The operation utilizes a ransomware-as-a-service (RaaS) model and is responsible for numerous cyber attacks worldwide. Threat actors behind Phobos gained initial access to vulnerable networks through phishing

Faust [3 votes]: Faust is a possible alias for Elking. Faust is a variant of the Phobos ransomware family, which has been linked to several other variants such as Elking, Eight, Devos, and Backmydata due to similarities in their tactics, techniques, and procedures (TTPs). The malware, Faust, represents a malicious software designed to exploit and damage

Devos [2 votes]: Devos is a possible alias for Elking. Devos is a variant of the Phobos ransomware, a type of malicious software designed to exploit and damage computer systems. According to open-source reports, Devos is likely connected to numerous other variants such as Elking, Eight, Backmydata, and Faust due to similar Tactics, Techniques, and Proce
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware