S0659Windows

S0659Diavol

Platforms
1
ATT&CK
14.1
References
4

Description

[Diavol](https://attack.mitre.org/software/S0659) is a ransomware variant first observed in June 2021 that is capable of prioritizing file types to encrypt based on a pre-configured list of extensions defined by the attacker. [Diavol](https://attack.mitre.org/software/S0659) has been deployed by [Bazar](https://attack.mitre.org/software/S0534) and is thought to have potential ties to [Wizard Spider](https://attack.mitre.org/groups/G0102).(Citation: Fortinet Diavol July 2021)(Citation: FBI Flash Diavol January 2022)(Citation: DFIR Diavol Ransomware December 2021)

Platforms· 1

Windows

Attributed to1

TypeTargetConfidenceTier
GroupWizard Spiderg0102100%live

References

  1. https://attack.mitre.org/software/S0659
  2. https://thedfirreport.com/2021/12/13/diavol-ransomware/
  3. https://www.ic3.gov/Media/News/2022/220120.pdf
  4. https://www.fortinet.com/blog/threat-research/diavol-new-ransomware-used-by-wizard-spider

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Software
Dablio Ransomware
Software
Dviide
Software
Sifreli 2019
Software
WastedLocker
Software
DilmaLocker
Software
Bazar
Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.