elf.revil

REvil

aka: REvix

ELF version of win.revil targeting VMware ESXi hypervisors.

References
2021-12-20YouTube (Malienist)Vishal Thakur
@online{thakur:20211220:revil:f1916d3,
  author       = {Vishal Thakur},
  title        = {{Revil Linux Ransomware: Revix}},
  organization = {YouTube (Malienist)},
  date         = {2021-12-20},
  url          = {https://www.youtube.com/watch?v=mDUMpYAOMOo},
  urldate      = {2021-12-20},
  language     = {English},
}
REvil
2021-12-20Trend MicroTrend Micro Research
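@comment{author is an organisation: double-braced so it is not split into given/family names}
@online{research:20211220:ransomware:d613fb1,
  author       = {{Trend Micro Research}},
  title        = {{Ransomware Spotlight: REvil}},
  organization = {Trend Micro},
  date         = {2021-12-20},
  url          = {https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-revil},
  urldate      = {2022-01-05},
  language     = {English},
}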
REvil REvil
2021-12-07Vishal Thakur
@online{thakur:20211207:revix:67b1c7f,
  author   = {Vishal Thakur},
  title    = {{Revix Linux Ransomware}},
  date     = {2021-12-07},
  url      = {https://malienist.medium.com/revix-linux-ransomware-d736956150d0},
  urldate  = {2021-12-07},
  language = {English},
}
REvil
2021-12-02AnkuraVishal Thakur
@online{thakur:20211202:revix:5d71a62,
  author       = {Vishal Thakur},
  title        = {{Revix Linux Ransomware}},
  organization = {Ankura},
  date         = {2021-12-02},
  url          = {https://angle.ankura.com/post/102hcny/revix-linux-ransomware},
  urldate      = {2021-12-07},
  language     = {English},
}
REvil
2021-11-17BBCJoe Tidy
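@comment{opening quote written as a LaTeX backtick so the quoted phrase renders with matching quote marks}
@online{tidy:20211117:evil:bbce2b5,
  author       = {Joe Tidy},
  title        = {{Evil Corp: `My hunt for the world's most wanted hackers'}},
  organization = {BBC},
  date         = {2021-11-17},
  url          = {https://www.bbc.com/news/technology-59297187},
  urldate      = {2021-11-18},
  language     = {English},
}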
REvil REvil
2021-11-16Trend MicroTrend Micro
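@comment{author is an organisation: double-braced so it is not split into given/family names}
@online{micro:20211116:global:5b996d3,
  author       = {{Trend Micro}},
  title        = {{Global Operations Lead to Arrests of Alleged Members of GandCrab/REvil and Cl0p Cartels}},
  organization = {Trend Micro},
  date         = {2021-11-16},
  url          = {https://www.trendmicro.com/en_in/research/21/k/global-operations-lead-to-arrests-of-alleged-members-of-gandcrab.html},
  urldate      = {2021-11-18},
  language     = {English},
}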
REvil Clop Gandcrab REvil
2021-11-10RT on the RussianEkaterina Suslova, Aleksey Polyakov, Elizaveta Koroleva, Alena Goinskaya
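@comment{straight double quotes in the title replaced by LaTeX quote marks; a literal " is an active shorthand under some babel languages}
@online{suslova:20211110:he:f915f5b,
  author       = {Ekaterina Suslova and Aleksey Polyakov and Elizaveta Koroleva and Alena Goinskaya},
  title        = {{``He does not get in touch'': what is known about Barnaul, wanted by the FBI on charges of cybercrime}},
  organization = {RT on the Russian},
  date         = {2021-11-10},
  url          = {https://russian.rt.com/russia/article/926347-barnaulec-rozysk-fbr-kibermoshennichestvo},
  urldate      = {2021-11-19},
  language     = {Russian},
}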
REvil REvil
2021-11-08The RecordCatalin Cimpanu
@online{cimpanu:20211108:us:42947b7,
  author       = {Catalin Cimpanu},
  title        = {{US arrests and charges Ukrainian man for Kaseya ransomware attack}},
  organization = {The Record},
  date         = {2021-11-08},
  url          = {https://therecord.media/us-arrests-and-charges-ukrainian-man-for-kaseya-ransomware-attack/},
  urldate      = {2021-11-09},
  language     = {English},
}
REvil REvil
2021-11-08Department of JusticeDepartment of Justice
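@comment{author is an organisation: double-braced so it is not split into given/family names}
@techreport{justice:20211108:indictment:56ab8a3,
  author      = {{Department of Justice}},
  title       = {{Indictment of Yaroslav Vasinskyi (REvil affiliate)}},
  institution = {Department of Justice},
  date        = {2021-11-08},
  url         = {https://storage.courtlistener.com/recap/gov.uscourts.txnd.351760/gov.uscourts.txnd.351760.1.0_3.pdf},
  urldate     = {2021-11-09},
  language    = {English},
}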
REvil REvil
2021-11-08KrebsOnSecurityBrian Krebs
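@comment{dollar signs escaped: an unescaped $ in the title would open math mode when typeset}
@online{krebs:20211108:revil:8306da2,
  author       = {Brian Krebs},
  title        = {{REvil Ransom Arrest, \$6M Seizure, and \$10M Reward}},
  organization = {KrebsOnSecurity},
  date         = {2021-11-08},
  url          = {https://krebsonsecurity.com/2021/11/revil-ransom-arrest-6m-seizure-and-10m-reward/},
  urldate      = {2021-11-09},
  language     = {English},
}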
REvil REvil
2021-11-08DIICOT (Romanian Directorate for Investigating Organized Crime and Terrorism)DIICOT (Romanian Directorate for Investigating Organized Crime and Terrorism)
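@comment{author is an organisation whose name contains the word "and": double-braced so it is not split into two authors}
@online{terrorism:20211108:press:c38a7b1,
  author       = {{DIICOT (Romanian Directorate for Investigating Organized Crime and Terrorism)}},
  title        = {{Press release 2 08.11.2021}},
  organization = {DIICOT (Romanian Directorate for Investigating Organized Crime and Terrorism)},
  date         = {2021-11-08},
  url          = {https://diicot.ro/mass-media/3341-comunicat-de-presa-2-08-11-2021},
  urldate      = {2021-11-08},
  language     = {Romanian},
}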
REvil REvil
2021-11-08FBIFBI
@online{fbi:20211108:wanted:f676a91,
  author       = {FBI},
  title        = {{WANTED poster for Yevhgyeniy Polyanin (REvil affiliate)}},
  organization = {FBI},
  date         = {2021-11-08},
  url          = {https://www.fbi.gov/wanted/cyber/yevgyeniy-igoryevich-polyanin},
  urldate      = {2021-11-09},
  language     = {English},
}
REvil REvil
2021-11-08U.S. Department of the TreasuryU.S. Department of the Treasury
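@comment{author is an organisation: double-braced, otherwise the lowercase "of the" is parsed as a von particle}
@techreport{treasury:20211108:advisory:c0f217e,
  author      = {{U.S. Department of the Treasury}},
  title       = {{Advisory on Ransomware and the Use of the Financial System to Facilitate Ransom Payments}},
  institution = {U.S. Department of the Treasury},
  date        = {2021-11-08},
  url         = {https://www.fincen.gov/sites/default/files/advisory/2021-11-08/FinCEN%20Ransomware%20Advisory_FINAL_508_.pdf},
  urldate     = {2021-11-09},
  language    = {English},
}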
REvil REvil
2021-11-08Department of JusticeDepartment of Justice
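@comment{author double-braced as an organisation; typos in the descriptive title ("one off", "affliates") corrected}
@techreport{justice:20211108:indictment:5a7badb,
  author      = {{Department of Justice}},
  title       = {{Indictment of Yevgeniy Polyanin, one of the REvil affiliates}},
  institution = {Department of Justice},
  date        = {2021-11-08},
  url         = {https://storage.courtlistener.com/recap/gov.uscourts.txnd.352371/gov.uscourts.txnd.352371.1.0_1.pdf},
  urldate     = {2021-11-09},
  language    = {English},
}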
REvil REvil
2021-11-08Department of JusticeDepartment of Justice
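@comment{author is an organisation: double-braced so it is not split into given/family names}
@online{justice:20211108:ukrainian:e3b0544,
  author       = {{Department of Justice}},
  title        = {{Ukrainian Arrested and Charged with Ransomware Attack on Kaseya}},
  organization = {Department of Justice},
  date         = {2021-11-08},
  url          = {https://www.justice.gov/opa/pr/ukrainian-arrested-and-charged-ransomware-attack-kaseya},
  urldate      = {2021-11-09},
  language     = {English},
}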
REvil REvil
2021-11-08U.S. Department of the TreasuryU.S. Department of the Treasury
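@comment{author double-braced as an organisation; the ampersand in the title is escaped so LaTeX does not read it as an alignment tab}
@online{treasury:20211108:treasury:9e7aa2d,
  author       = {{U.S. Department of the Treasury}},
  title        = {{Treasury Continues to Counter Ransomware as Part of Whole-of-Government Effort; Sanctions Ransomware Operators and Virtual Currency Exchange (Yaroslav Vasinskyi \& Yevgeniy Polyanin)}},
  organization = {U.S. Department of the Treasury},
  date         = {2021-11-08},
  url          = {https://home.treasury.gov/news/press-releases/jy0471},
  urldate      = {2021-11-09},
  language     = {English},
}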
REvil REvil
2021-10-28BR.DEMaximilian Zierer, Hakan Tanriverdi
@online{zierer:20211028:mutmalicher:09d53d1,
  author       = {Maximilian Zierer and Hakan Tanriverdi},
  title        = {{Mutmaßlicher Ransomware-Millionär identifiziert}},
  organization = {BR.DE},
  date         = {2021-10-28},
  url          = {https://www.br.de/nachrichten/deutschland-welt/mutmasslicher-ransomware-millionaer-identifiziert,Sn3iHgJ},
  urldate      = {2021-11-03},
  language     = {German},
}
REvil REvil
2021-10-26IntezerTwitter (IntezerLabs)
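@comment{author is an account handle, not a person: double-braced so it is not split into given/family names}
@online{intezerlabs:20211026:linux:53febe2,
  author       = {{Twitter (IntezerLabs)}},
  title        = {{Tweet on Linux version of REvil ransomware}},
  organization = {Intezer},
  date         = {2021-10-26},
  url          = {https://twitter.com/IntezerLabs/status/1452980772953071619},
  urldate      = {2021-11-03},
  language     = {English},
}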
REvil
2021-10-25KELAVictoria Kivilevich
@online{kivilevich:20211025:will:44e51be,
  author       = {Victoria Kivilevich},
  title        = {{Will the REvil Story Finally be Over?}},
  organization = {KELA},
  date         = {2021-10-25},
  url          = {https://ke-la.com/will-the-revils-story-finally-be-over/},
  urldate      = {2021-11-09},
  language     = {English},
}
REvil REvil
2021-10-22DarkowlDarkowl
@online{darkowl:20211022:page:90c7728,
  author       = {Darkowl},
  title        = {{“Page Not Found”: REvil Darknet Services Offline After Attack Last Weekend}},
  organization = {Darkowl},
  date         = {2021-10-22},
  url          = {https://www.darkowl.com/blog-content/page-not-found-revil-darknet-services-offline-after-attack-last-weekend},
  urldate      = {2021-10-26},
  language     = {English},
}
REvil REvil
2021-10-22ReutersJoseph Menn, Christopher Bing
@online{menn:20211022:exclusive:f70f465,
  author       = {Joseph Menn and Christopher Bing},
  title        = {{EXCLUSIVE Governments turn tables on ransomware gang REvil by pushing it offline}},
  organization = {Reuters},
  date         = {2021-10-22},
  url          = {https://www.reuters.com/technology/exclusive-governments-turn-tables-ransomware-gang-revil-by-pushing-it-offline-2021-10-21/},
  urldate      = {2021-10-26},
  language     = {English},
}
REvil REvil
2021-10-18FlashpointFlashpoint
@online{flashpoint:20211018:revil:104ed52,
  author       = {Flashpoint},
  title        = {{REvil Disappears Again: ‘Something Is Rotten in the State of Ransomware’}},
  organization = {Flashpoint},
  date         = {2021-10-18},
  url          = {https://www.flashpoint-intel.com/blog/revil-disappears-again/},
  urldate      = {2021-10-24},
  language     = {English},
}
REvil REvil
2021-10-17Bleeping ComputerLawrence Abrams
@online{abrams:20211017:revil:b53b66f,
  author       = {Lawrence Abrams},
  title        = {{REvil ransomware shuts down again after Tor sites were hijacked}},
  organization = {Bleeping Computer},
  date         = {2021-10-17},
  url          = {https://www.bleepingcomputer.com/news/security/revil-ransomware-shuts-down-again-after-tor-sites-were-hijacked/},
  urldate      = {2021-10-25},
  language     = {English},
}
REvil REvil
2021-10-12CrowdStrikeCrowdStrike Intelligence Team
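@comment{author is a team, not a person: double-braced so it is not split into given/family names}
@online{team:20211012:ecx:5540ee9,
  author       = {{CrowdStrike Intelligence Team}},
  title        = {{ECX: Big Game Hunting on the Rise Following a Notable Reduction in Activity}},
  organization = {CrowdStrike},
  date         = {2021-10-12},
  url          = {https://www.crowdstrike.com/blog/big-game-hunting-on-the-rise-again-according-to-ecrime-index/},
  urldate      = {2021-11-02},
  language     = {English},
}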
Babuk BlackMatter DarkSide REvil Avaddon Babuk BlackMatter DarkSide LockBit Mailto REvil
2021-10-11AccentureAccenture Cyber Threat Intelligence
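@comment{author is a team, not a person: double-braced so it is not split into given/family names}
@online{intelligence:20211011:moving:3b0eaec,
  author       = {{Accenture Cyber Threat Intelligence}},
  title        = {{Moving Left of the Ransomware Boom}},
  organization = {Accenture},
  date         = {2021-10-11},
  url          = {https://www.accenture.com/us-en/blogs/cyber-defense/moving-left-ransomware-boom},
  urldate      = {2021-11-03},
  language     = {English},
}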
REvil Cobalt Strike MimiKatz RagnarLocker REvil
2021-09-29FlashpointFlashpoint
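@comment{ampersand in the title escaped so LaTeX does not read it as an alignment tab}
@online{flashpoint:20210929:russian:565e147,
  author       = {Flashpoint},
  title        = {{Russian hacker Q\&A: An Interview With REvil-Affiliated Ransomware Contractor}},
  organization = {Flashpoint},
  date         = {2021-09-29},
  url          = {https://www.flashpoint-intel.com/blog/interview-with-revil-affiliated-ransomware-contractor/},
  urldate      = {2021-10-26},
  language     = {English},
}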
REvil REvil
2021-09-22SecureworksCounter Threat Unit ResearchTeam
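@comment{author is a team: double-braced, and the missing space in "ResearchTeam" restored; citation key left unchanged}
@online{researchteam:20210922:revil:5b97baf,
  author       = {{Counter Threat Unit Research Team}},
  title        = {{REvil Ransomware Reemerges After Shutdown; Universal Decryptor Released}},
  organization = {Secureworks},
  date         = {2021-09-22},
  url          = {https://www.secureworks.com/blog/revil-ransomware-reemerges-after-shutdown-universal-decryptor-released},
  urldate      = {2021-09-28},
  language     = {English},
}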
REvil REvil
2021-09-14CrowdStrikeCrowdStrike Intelligence Team
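@comment{author is a team, not a person: double-braced so it is not split into given/family names}
@online{team:20210914:big:b345561,
  author       = {{CrowdStrike Intelligence Team}},
  title        = {{Big Game Hunting TTPs Continue to Shift After DarkSide Pipeline Attack}},
  organization = {CrowdStrike},
  date         = {2021-09-14},
  url          = {https://www.crowdstrike.com/blog/how-big-game-hunting-ttps-shifted-after-darkside-pipeline-attack/},
  urldate      = {2021-09-19},
  language     = {English},
}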
BlackMatter DarkSide REvil Avaddon BlackMatter Clop Conti CryptoLocker DarkSide DoppelPaymer Hades REvil
2021-08-30CrowdStrikeMichael Dawson
@online{dawson:20210830:hypervisor:81ca39b,
  author       = {Michael Dawson},
  title        = {{Hypervisor Jackpotting, Part 2: eCrime Actors Increase Targeting of ESXi Servers with Ransomware}},
  organization = {CrowdStrike},
  date         = {2021-08-30},
  url          = {https://www.crowdstrike.com/blog/hypervisor-jackpotting-ecrime-actors-increase-targeting-of-esxi-servers/},
  urldate      = {2021-08-31},
  language     = {English},
}
Babuk HelloKitty REvil
2021-07-28Digital ShadowsPhoton Research Team
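@comment{author is a team, not a person: double-braced so it is not split into given/family names}
@online{team:20210728:revil:ba7360a,
  author       = {{Photon Research Team}},
  title        = {{REvil: Analysis of Competing Hypotheses}},
  organization = {Digital Shadows},
  date         = {2021-07-28},
  url          = {https://www.digitalshadows.com/blog-and-research/revil-analysis-of-competing-hypotheses/},
  urldate      = {2021-08-25},
  language     = {English},
}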
REvil REvil
2021-07-19EllipticElliptic
@online{elliptic:20210719:revil:12b16d1,
  author       = {Elliptic},
  title        = {{REvil Revealed - Tracking a Ransomware Negotiation and Payment}},
  organization = {Elliptic},
  date         = {2021-07-19},
  url          = {https://www.elliptic.co/blog/revil-revealed-tracking-ransomware-negotiation-and-payment},
  urldate      = {2021-07-20},
  language     = {English},
}
REvil REvil
2021-07-13Threat PostLisa Vaas
@online{vaas:20210713:ransomware:d88e024,
  author       = {Lisa Vaas},
  title        = {{Ransomware Giant REvil’s Sites Disappear}},
  organization = {Threat Post},
  date         = {2021-07-13},
  url          = {https://threatpost.com/ransomware-revil-sites-disappears/167745/},
  urldate      = {2021-07-20},
  language     = {English},
}
REvil REvil
2021-07-05Github (f0wl)Marius Genheimer
@online{genheimer:20210705:revil:7f67df1,
  author       = {Marius Genheimer},
  title        = {{REvil Linux Configuration Extractor}},
  organization = {Github (f0wl)},
  date         = {2021-07-05},
  url          = {https://github.com/f0wl/REconfig-linux},
  urldate      = {2021-07-05},
  language     = {English},
}
REvil
2021-07-04CISAUS-CERT
@online{uscert:20210704:cisafbi:1e199f1,
  author       = {US-CERT},
  title        = {{CISA-FBI Guidance for MSPs and their Customers Affected by the Kaseya VSA Supply-Chain Ransomware Attack}},
  organization = {CISA},
  date         = {2021-07-04},
  url          = {https://us-cert.cisa.gov/ncas/current-activity/2021/07/04/cisa-fbi-guidance-msps-and-their-customers-affected-kaseya-vsa},
  urldate      = {2021-07-09},
  language     = {English},
}
REvil REvil
2021-07-03Cybleinccybleinc
@online{cybleinc:20210703:uncensored:f43cf7f,
  author       = {cybleinc},
  title        = {{Uncensored Interview with REvil / Sodinokibi Ransomware Operators}},
  organization = {Cybleinc},
  date         = {2021-07-03},
  url          = {https://cybleinc.com/2021/07/03/uncensored-interview-with-revil-sodinokibi-ransomware-operators/},
  urldate      = {2021-07-11},
  language     = {English},
}
REvil REvil
2021-07-01AT&T CybersecurityOfer Caspi, Fernando Martinez
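@comment{ampersand in the organization name escaped so LaTeX does not read it as an alignment tab}
@online{caspi:20210701:revils:20b42ae,
  author       = {Ofer Caspi and Fernando Martinez},
  title        = {{REvil’s new Linux version}},
  organization = {AT\&T Cybersecurity},
  date         = {2021-07-01},
  url          = {https://cybersecurity.att.com/blogs/labs-research/revils-new-linux-version},
  urldate      = {2021-07-02},
  language     = {English},
}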
REvil REvil
2021-07-01DomainToolsChad Anderson
@online{anderson:20210701:most:39f64b8,
  author       = {Chad Anderson},
  title        = {{The Most Prolific Ransomware Families: A Defenders Guide}},
  organization = {DomainTools},
  date         = {2021-07-01},
  url          = {https://www.domaintools.com/resources/blog/the-most-prolific-ransomware-families-a-defenders-guide},
  urldate      = {2021-07-11},
  language     = {English},
}
REvil Conti Egregor Maze REvil
2021-07-01ThreatpostTom Spring
@online{spring:20210701:linux:2584acf,
  author       = {Tom Spring},
  title        = {{Linux Variant of REvil Ransomware Targets VMware’s ESXi, NAS Devices}},
  organization = {Threatpost},
  date         = {2021-07-01},
  url          = {https://threatpost.com/linux-variant-ransomware-vmwares-nas/167511/},
  urldate      = {2021-07-02},
  language     = {English},
}
REvil
2021-06-29Twitter (@VK_intel)Vitali Kremez
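@comment{underscore in the organization handle escaped; organization is not a verbatim field, so a bare _ breaks typesetting}
@online{kremez:20210629:linux:1b5367c,
  author       = {Vitali Kremez},
  title        = {{Tweet on Linux version of REvil ransomware}},
  organization = {Twitter (@VK\_intel)},
  date         = {2021-06-29},
  url          = {https://twitter.com/VK_Intel/status/1409601311092490248?s=20},
  urldate      = {2021-06-29},
  language     = {English},
}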
REvil
2021-06-29YouTube (C. Beek)Christiaan Beek
@online{beek:20210629:demo:2cbd075,
  author       = {Christiaan Beek},
  title        = {{Demo of REvil/Sodinokibi Linux variant encrypting a Linux system}},
  organization = {YouTube (C. Beek)},
  date         = {2021-06-29},
  url          = {https://www.youtube.com/watch?v=ptbNMlWxYnE},
  urldate      = {2021-06-29},
  language     = {English},
}
REvil
2021-06-28Twitter (@VK_intel)Vitali Kremez
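@comment{underscore in the organization handle escaped. NOTE(review): the url is the same tweet as kremez:20210629:linux:1b5367c (without the ?s=20 suffix); these two entries look like duplicates of one source, verify before citing both}
@online{kremez:20210628:elf:3036ab2,
  author       = {Vitali Kremez},
  title        = {{Tweet on ELF version of REvil}},
  organization = {Twitter (@VK\_intel)},
  date         = {2021-06-28},
  url          = {https://twitter.com/VK_Intel/status/1409601311092490248},
  urldate      = {2021-06-29},
  language     = {English},
}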
REvil
2021-06-28Twitter (@AdamTheAnalyst)AdamTheAnalyst
@online{adamtheanalyst:20210628:suspected:a9109b3,
  author       = {AdamTheAnalyst},
  title        = {{Tweet on suspected REvil exfiltration (over RClone FTP) server}},
  organization = {Twitter (@AdamTheAnalyst)},
  date         = {2021-06-28},
  url          = {https://twitter.com/AdamTheAnalyst/status/1409499591452639242?s=20},
  urldate      = {2021-06-29},
  language     = {English},
}
REvil REvil
2021-06-28AT&TAlienVault
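@comment{ampersand in the organization name escaped so LaTeX does not read it as an alignment tab}
@online{alienvault:20210628:revil:1b4ddb9,
  author       = {AlienVault},
  title        = {{REvil ransomware Linux version (with YARA rule)}},
  organization = {AT\&T},
  date         = {2021-06-28},
  url          = {https://otx.alienvault.com/pulse/60da2c80aa5400db8f1561d5},
  urldate      = {2021-07-02},
  language     = {English},
}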
REvil

There is no YARA signature yet.