Elking

Malware updated 4 months ago (2024-05-04T19:00:31.962Z)
Elking is a type of malware, specifically a variant of the Phobos ransomware. Malware is a harmful program designed to exploit and damage computer systems, often infiltrating them via suspicious downloads, emails, or websites. Once inside a system, it can steal personal information, disrupt operations, or hold data hostage for ransom.

Phobos ransomware is an evolution of Dharma/Crysis ransomware. According to open-source reporting, it is likely linked to numerous variants, including Elking, Eight, Devos, Backmydata, and Faust, because similar tactics, techniques, and procedures (TTPs) have been observed in their intrusions. The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have noted that Phobos ransomware operates in conjunction with various open-source tools such as Smokeloader, Cobalt Strike, and Bloodhound.

In response to the threat posed by these ransomware variants, the US CISA, the FBI, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) issued a joint cybersecurity advisory warning of attacks involving Phobos ransomware and its associated variants, including Elking. The advisory serves to inform and protect organizations from potential cyber threats associated with these malicious programs.
Description last updated: 2024-05-04T18:02:47.715Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Phobos | 3 | Phobos is a type of malware, specifically ransomware, that infiltrates computer systems with the intent to disrupt operations, steal personal information, or hold data hostage for ransom. The malicious software can infect devices through suspicious downloads, emails, or websites, often without the u
Faust | 3 | Faust is a newly discovered variant of the Phobos ransomware, an evolution of the Dharma/Crysis ransomware. It shares similar Tactics, Techniques, and Procedures (TTPs) with other variants such as Elking, Eight, Devos, and Backmydata, indicating a likely connection between them. Researchers from For
Devos | 2 | Devos is a variant of Phobos ransomware, a type of malware that infects systems and holds data hostage for ransom. It is closely linked to other variants such as Elking, Eight, Backmydata, and Faust ransomware due to similar Tactics, Techniques, and Procedures (TTPs) observed in their intrusions. Op
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Source Document References
Information about the Elking Malware was read from the documents corpus below.
Source Link | Created At | Title
CERT-EU | 6 months ago | Critical Infrastructure Organizations Warned of Phobos Ransomware Attacks
Securityaffairs | 6 months ago | US cyber and law enforcement agencies warn of Phobos ransomware attacks
CERT-EU | 6 months ago | Response to CISA Advisory (AA24-060A): #StopRansomware: Phobos Ransomware
CERT-EU | 6 months ago | Response to CISA Advisory (AA24-060A): #StopRansomware: Phobos Ransomware | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU | 6 months ago | SafeBreach Coverage for AA24-060A (Phobos Ransomware) and AA24-060B (Ivanti Connect Secure)
CISA | 6 months ago | #StopRansomware: Phobos Ransomware | CISA
CERT-EU | 6 months ago | CISA Warns Phobos Ransomware Groups Attacking Critical Infrastructure | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting