Diavol

Description

A ransomware with potential ties to Wizard Spider.

External Analysis
https://arcticwolf.com/resources/blog/karakurt-web
https://chuongdong.com/reverse%20engineering/2021/12/17/DiavolRansomware/
https://heimdalsecurity.com/blog/is-diavol-ransomware-connected-to-wizard-spider/
https://medium.com/walmartglobaltech/diavol-resurfaces-91dd93c7d922
https://medium.com/walmartglobaltech/diavol-the-enigma-of-ransomware-1fd78ffda648
https://securityintelligence.com/posts/analysis-of-diavol-ransomware-link-trickbot-gang/
https://thedfirreport.com/2021/12/13/diavol-ransomware/
https://www.binarydefense.com/threat_watch/new-ransomware-diavol-being-dropped-by-trickbot/
https://www.bleepingcomputer.com/news/security/diavol-ransomware-sample-shows-stronger-connection-to-trickbot-gang/
https://www.bleepingcomputer.com/news/security/fbi-links-diavol-ransomware-to-the-trickbot-cybercrime-group/
https://www.bleepingcomputer.com/news/security/trickbot-gang-developer-arrested-when-trying-to-leave-korea/
https://www.fortinet.com/blog/threat-research/diavol-new-ransomware-used-by-wizard-spider
https://www.ic3.gov/Media/News/2022/220120.pdf
https://www.scythe.io/library/adversary-emulation-diavol-ransomware-threatthursday
Urls
Screen
File servers
Screen
Chat servers
Screen
https://7ypnbv3snejqmgce4kbewwvym4cm5j6lkzf2hra2hyhtsvwjaxwipkyd.onion
Screen