SYMBOL | COMMON_NAME | aka. SYNONYMS
elf.revil

REvil


ELF version of the win.revil ransomware, targeting VMware ESXi hypervisors.

References
2021-07-19 | Elliptic | Elliptic
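% Elliptic blog post on tracking a REvil ransomware negotiation and payment.
% The organisation is the author, so the name is double-braced to stay one unit.
@online{elliptic:20210719:revil:12b16d1,
  author       = {{Elliptic}},
  title        = {{REvil} Revealed - Tracking a Ransomware Negotiation and Payment},
  date         = {2021-07-19},
  organization = {Elliptic},
  url          = {https://www.elliptic.co/blog/revil-revealed-tracking-ransomware-negotiation-and-payment},
  language     = {English},
  urldate      = {2021-07-20},
}
REvil Revealed - Tracking a Ransomware Negotiation and Payment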
REvil REvil
2021-07-13 | Threat Post | Lisa Vaas
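% Threat Post news article on the disappearance of REvil's sites.
% Only the family name is brace-protected; the rest of the title is left to the style.
@online{vaas:20210713:ransomware:d88e024,
  author       = {Vaas, Lisa},
  title        = {Ransomware Giant {REvil’s} Sites Disappear},
  date         = {2021-07-13},
  organization = {Threat Post},
  url          = {https://threatpost.com/ransomware-revil-sites-disappears/167745/},
  language     = {English},
  urldate      = {2021-07-20},
}
Ransomware Giant REvil’s Sites Disappear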
REvil REvil
2021-07-05 | Github (f0wl) | Marius Genheimer
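% GitHub repository titled as a configuration extractor for the Linux build of REvil.
% Analysis tooling reference; useful when triaging a recovered sample's embedded configuration.
@online{genheimer:20210705:revil:7f67df1,
  author       = {Genheimer, Marius},
  title        = {{REvil} {Linux} Configuration Extractor},
  date         = {2021-07-05},
  organization = {Github (f0wl)},
  url          = {https://github.com/f0wl/REconfig-linux},
  language     = {English},
  urldate      = {2021-07-05},
}
REvil Linux Configuration Extractor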
REvil
2021-07-04 | CISA | US-CERT
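% CISA-FBI guidance for MSPs and their customers affected by the Kaseya VSA supply-chain incident.
% Institutional author is double-braced; acronyms and product names are brace-protected in the title.
@online{uscert:20210704:cisafbi:1e199f1,
  author       = {{US-CERT}},
  title        = {{CISA-FBI} Guidance for {MSPs} and their Customers Affected by the {Kaseya} {VSA} Supply-Chain Ransomware Attack},
  date         = {2021-07-04},
  organization = {CISA},
  url          = {https://us-cert.cisa.gov/ncas/current-activity/2021/07/04/cisa-fbi-guidance-msps-and-their-customers-affected-kaseya-vsa},
  language     = {English},
  urldate      = {2021-07-09},
}
CISA-FBI Guidance for MSPs and their Customers Affected by the Kaseya VSA Supply-Chain Ransomware Attack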
REvil REvil
2021-07-03 | Cybleinc | cybleinc
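% Cybleinc blog post: interview with the REvil / Sodinokibi ransomware operators.
% The author is given only as an organisational handle, so it is double-braced as a single name.
@online{cybleinc:20210703:uncensored:f43cf7f,
  author       = {{cybleinc}},
  title        = {Uncensored Interview with {REvil} / {Sodinokibi} Ransomware Operators},
  date         = {2021-07-03},
  organization = {Cybleinc},
  url          = {https://cybleinc.com/2021/07/03/uncensored-interview-with-revil-sodinokibi-ransomware-operators/},
  language     = {English},
  urldate      = {2021-07-11},
}
Uncensored Interview with REvil / Sodinokibi Ransomware Operators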
REvil REvil
2021-07-01 | Threatpost | Tom Spring
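% Threatpost article on the Linux variant of REvil; the title names ESXi and NAS devices as targets.
% Product names and acronyms are brace-protected so a sentence-casing style cannot lowercase them.
@online{spring:20210701:linux:2584acf,
  author       = {Spring, Tom},
  title        = {{Linux} Variant of {REvil} Ransomware Targets {VMware’s} {ESXi}, {NAS} Devices},
  date         = {2021-07-01},
  organization = {Threatpost},
  url          = {https://threatpost.com/linux-variant-ransomware-vmwares-nas/167511/},
  language     = {English},
  urldate      = {2021-07-02},
}
Linux Variant of REvil Ransomware Targets VMware’s ESXi, NAS Devices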
REvil
2021-07-01 | AT&T Cybersecurity | Ofer Caspi, Fernando Martinez
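% AT&T Cybersecurity labs blog post on the Linux version of REvil.
% The ampersand in the organisation is escaped; a bare one is a LaTeX alignment character and breaks typesetting.
@online{caspi:20210701:revils:20b42ae,
  author       = {Caspi, Ofer and Martinez, Fernando},
  title        = {{REvil’s} new {Linux} version},
  date         = {2021-07-01},
  organization = {AT\&T Cybersecurity},
  url          = {https://cybersecurity.att.com/blogs/labs-research/revils-new-linux-version},
  language     = {English},
  urldate      = {2021-07-02},
}
REvil’s new Linux version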
REvil REvil
2021-07-01 | DomainTools | Chad Anderson
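% DomainTools blog post: a defender-oriented overview of prolific ransomware families.
% The page tags this reference with REvil, Conti, Egregor and Maze.
@online{anderson:20210701:most:39f64b8,
  author       = {Anderson, Chad},
  title        = {The Most Prolific Ransomware Families: A Defenders Guide},
  date         = {2021-07-01},
  organization = {DomainTools},
  url          = {https://www.domaintools.com/resources/blog/the-most-prolific-ransomware-families-a-defenders-guide},
  language     = {English},
  urldate      = {2021-07-11},
}
The Most Prolific Ransomware Families: A Defenders Guide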
REvil Conti Egregor Maze REvil
2021-06-29 | Twitter (@VK_intel) | Vitali Kremez
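% Tweet by Vitali Kremez on the Linux version of REvil.
% NOTE(review): same status ID (1409601311092490248) as key kremez:20210628:elf:3036ab2;
% only the ?s=20 query string differs, so the two entries appear to cite one tweet.
% The underscore in the organisation handle is escaped; a bare one fails in LaTeX text mode.
@online{kremez:20210629:linux:1b5367c,
  author       = {Kremez, Vitali},
  title        = {Tweet on {Linux} version of {REvil} ransomware},
  date         = {2021-06-29},
  organization = {Twitter (@VK\_intel)},
  url          = {https://twitter.com/VK_Intel/status/1409601311092490248?s=20},
  language     = {English},
  urldate      = {2021-06-29},
}
Tweet on Linux version of REvil ransomware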
REvil
2021-06-29 | YouTube (C. Beek) | Christiaan Beek
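% YouTube video by Christiaan Beek: demo of the REvil/Sodinokibi Linux variant encrypting a Linux system.
% Family and platform names are brace-protected; the rest of the title is left to the style.
@online{beek:20210629:demo:2cbd075,
  author       = {Beek, Christiaan},
  title        = {Demo of {REvil/Sodinokibi} {Linux} variant encrypting a {Linux} system},
  date         = {2021-06-29},
  organization = {YouTube (C. Beek)},
  url          = {https://www.youtube.com/watch?v=ptbNMlWxYnE},
  language     = {English},
  urldate      = {2021-06-29},
}
Demo of REvil/Sodinokibi Linux variant encrypting a Linux system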
REvil
2021-06-28 | AT&T | AlienVault
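% AlienVault OTX pulse on the Linux version of REvil; its title says it includes a YARA rule.
% The rule itself is not reproduced on this page; fetch it from the pulse and validate it before deploying.
% The ampersand in the organisation is escaped; a bare one is a LaTeX alignment character.
@online{alienvault:20210628:revil:1b4ddb9,
  author       = {{AlienVault}},
  title        = {{REvil} ransomware {Linux} version (with {YARA} rule)},
  date         = {2021-06-28},
  organization = {AT\&T},
  url          = {https://otx.alienvault.com/pulse/60da2c80aa5400db8f1561d5},
  language     = {English},
  urldate      = {2021-07-02},
}
REvil ransomware Linux version (with YARA rule)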
REvil
2021-06-28 | Twitter (@VK_intel) | Vitali Kremez
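% Tweet by Vitali Kremez on the ELF version of REvil.
% NOTE(review): same status ID (1409601311092490248) as key kremez:20210629:linux:1b5367c,
% which carries an extra ?s=20 query string; the two entries appear to cite one tweet.
% The underscore in the organisation handle is escaped; a bare one fails in LaTeX text mode.
@online{kremez:20210628:elf:3036ab2,
  author       = {Kremez, Vitali},
  title        = {Tweet on {ELF} version of {REvil}},
  date         = {2021-06-28},
  organization = {Twitter (@VK\_intel)},
  url          = {https://twitter.com/VK_Intel/status/1409601311092490248},
  language     = {English},
  urldate      = {2021-06-29},
}
Tweet on ELF version of REvil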
REvil
2021-06-28 | Twitter (@AdamTheAnalyst) | AdamTheAnalyst
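% Tweet by AdamTheAnalyst on a suspected REvil exfiltration server (RClone over FTP, per the title).
% The attribution is stated as suspected in the source title; treat it as unconfirmed.
% The author is a handle, so it is double-braced as a single name.
@online{adamtheanalyst:20210628:suspected:a9109b3,
  author       = {{AdamTheAnalyst}},
  title        = {Tweet on suspected {REvil} exfiltration (over {RClone} {FTP}) server},
  date         = {2021-06-28},
  organization = {Twitter (@AdamTheAnalyst)},
  url          = {https://twitter.com/AdamTheAnalyst/status/1409499591452639242?s=20},
  language     = {English},
  urldate      = {2021-06-29},
}
Tweet on suspected REvil exfiltration (over RClone FTP) server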
REvil REvil

There is no YARA signature for this family yet.