Diavol
Description
A ransomware with potential ties to Wizard Spider.
External Analysis
https://arcticwolf.com/resources/blog/karakurt-web
https://chuongdong.com/reverse%20engineering/2021/12/17/DiavolRansomware/
https://heimdalsecurity.com/blog/is-diavol-ransomware-connected-to-wizard-spider/
https://medium.com/walmartglobaltech/diavol-resurfaces-91dd93c7d922
https://medium.com/walmartglobaltech/diavol-the-enigma-of-ransomware-1fd78ffda648
https://securityintelligence.com/posts/analysis-of-diavol-ransomware-link-trickbot-gang/
https://thedfirreport.com/2021/12/13/diavol-ransomware/
https://www.binarydefense.com/threat_watch/new-ransomware-diavol-being-dropped-by-trickbot/
https://www.bleepingcomputer.com/news/security/diavol-ransomware-sample-shows-stronger-connection-to-trickbot-gang/
https://www.bleepingcomputer.com/news/security/fbi-links-diavol-ransomware-to-the-trickbot-cybercrime-group/
https://www.bleepingcomputer.com/news/security/trickbot-gang-developer-arrested-when-trying-to-leave-korea/
https://www.fortinet.com/blog/threat-research/diavol-new-ransomware-used-by-wizard-spider
https://www.ic3.gov/Media/News/2022/220120.pdf
https://www.scythe.io/library/adversary-emulation-diavol-ransomware-threatthursday
Chat servers
https://7ypnbv3snejqmgce4kbewwvym4cm5j6lkzf2hra2hyhtsvwjaxwipkyd.onion