SYMBOLCOMMON_NAMEaka. SYNONYMS
elf.revil (Back to overview)

REvil

aka: REvix

ELF version of win.revil targeting VMware ESXi hypervisors.

References
2022-05-09MicrosoftMicrosoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
@online{team:20220509:ransomwareasaservice:13ec472, author = {Microsoft 365 Defender Threat Intelligence Team and Microsoft Threat Intelligence Center (MSTIC)}, title = {{Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself}}, date = {2022-05-09}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself}, language = {English}, urldate = {2022-05-17} } Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself
AnchorDNS BlackCat BlackMatter Conti DarkSide HelloKitty Hive LockBit REvil FAKEUPDATES Griffon ATOMSILO BazarBackdoor BlackCat BlackMatter Blister Cobalt Strike Conti DarkSide Emotet FiveHands Gozi HelloKitty Hive IcedID ISFB JSSLoader LockBit LockFile Maze NightSky Pandora Phobos Phoenix Locker PhotoLoader QakBot REvil Rook Ryuk SystemBC TrickBot WastedLocker
2022-03-17Trend MicroTrend Micro Research
@techreport{research:20220317:navigating:5ad631e, author = {Trend Micro Research}, title = {{Navigating New Frontiers Trend Micro 2021 Annual Cybersecurity Report}}, date = {2022-03-17}, institution = {Trend Micro}, url = {https://documents.trendmicro.com/assets/rpt/rpt-navigating-new-frontiers-trend-micro-2021-annual-cybersecurity-report.pdf}, language = {English}, urldate = {2022-03-22} } Navigating New Frontiers Trend Micro 2021 Annual Cybersecurity Report
REvil BazarBackdoor Buer IcedID QakBot REvil
2022-02-14DarktraceOakley Cox
@online{cox:20220214:staying:16693dd, author = {Oakley Cox}, title = {{Staying ahead of REvil’s Ransomware-as-a-Service business model}}, date = {2022-02-14}, organization = {Darktrace}, url = {https://www.darktrace.com/en/blog/staying-ahead-of-r-evils-ransomware-as-a-service-business-model/}, language = {English}, urldate = {2022-03-01} } Staying ahead of REvil’s Ransomware-as-a-Service business model
REvil REvil
2022-02-09vmwareVMWare
@techreport{vmware:20220209:exposing:7b5f76e, author = {VMWare}, title = {{Exposing Malware in Linux-Based Multi-Cloud Environments}}, date = {2022-02-09}, institution = {vmware}, url = {https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/docs/vmw-exposing-malware-in-linux-based-multi-cloud-environments.pdf}, language = {English}, urldate = {2022-02-10} } Exposing Malware in Linux-Based Multi-Cloud Environments
ACBackdoor BlackMatter DarkSide Erebus HelloKitty Kinsing PLEAD QNAPCrypt RansomEXX REvil Sysrv-hello TeamTNT Vermilion Strike Cobalt Strike
2022-01-27ANALYST1Jon DiMaggio
@techreport{dimaggio:20220127:history:921d98f, author = {Jon DiMaggio}, title = {{A History of Revil}}, date = {2022-01-27}, institution = {ANALYST1}, url = {https://analyst1.com/file-assets/History-of-REvil.pdf}, language = {English}, urldate = {2022-02-01} } A History of Revil
REvil REvil
2022-01-14FSBFSB
@online{fsb:20220114:unlawful:58f711c, author = {FSB}, title = {{Unlawful Activities of Members of an Organized Criminal Community were suppressed}}, date = {2022-01-14}, organization = {FSB}, url = {http://www.fsb.ru/fsb/press/message/single.htm%21id%3D10439388%40fsbMessage.html}, language = {English}, urldate = {2022-01-25} } Unlawful Activities of Members of an Organized Criminal Community were suppressed
REvil REvil
2022-01-14Advanced IntelligenceYelisey Boguslavskiy
@online{boguslavskiy:20220114:storm:ad0e3d7, author = {Yelisey Boguslavskiy}, title = {{Storm in "Safe Haven": Takeaways from Russian Authorities Takedown of REvil}}, date = {2022-01-14}, organization = {Advanced Intelligence}, url = {https://www.advintel.io/post/storm-in-safe-haven-takeaways-from-russian-authorities-takedown-of-revil}, language = {English}, urldate = {2022-01-24} } Storm in "Safe Haven": Takeaways from Russian Authorities Takedown of REvil
REvil REvil
2021-12-20YouTube (Malienist)Vishal Thakur
@online{thakur:20211220:revil:f1916d3, author = {Vishal Thakur}, title = {{Revil Linux Ransomware: Revix}}, date = {2021-12-20}, organization = {YouTube (Malienist)}, url = {https://www.youtube.com/watch?v=mDUMpYAOMOo}, language = {English}, urldate = {2021-12-20} } Revil Linux Ransomware: Revix
REvil
2021-12-20Trend MicroTrend Micro Research
@online{research:20211220:ransomware:d613fb1, author = {Trend Micro Research}, title = {{Ransomware Spotlight: REvil}}, date = {2021-12-20}, organization = {Trend Micro}, url = {https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-revil}, language = {English}, urldate = {2022-01-05} } Ransomware Spotlight: REvil
REvil REvil
2021-12-07Vishal Thakur
@online{thakur:20211207:revix:67b1c7f, author = {Vishal Thakur}, title = {{Revix Linux Ransomware}}, date = {2021-12-07}, url = {https://malienist.medium.com/revix-linux-ransomware-d736956150d0}, language = {English}, urldate = {2021-12-07} } Revix Linux Ransomware
REvil
2021-12-02AnkuraVishal Thakur
@online{thakur:20211202:revix:5d71a62, author = {Vishal Thakur}, title = {{Revix Linux Ransomware}}, date = {2021-12-02}, organization = {Ankura}, url = {https://angle.ankura.com/post/102hcny/revix-linux-ransomware}, language = {English}, urldate = {2021-12-07} } Revix Linux Ransomware
REvil
2021-11-17BBCJoe Tidy
@online{tidy:20211117:evil:bbce2b5, author = {Joe Tidy}, title = {{Evil Corp: 'My hunt for the world's most wanted hackers'}}, date = {2021-11-17}, organization = {BBC}, url = {https://www.bbc.com/news/technology-59297187}, language = {English}, urldate = {2021-11-18} } Evil Corp: 'My hunt for the world's most wanted hackers'
REvil REvil
2021-11-16Trend MicroTrend Micro
@online{micro:20211116:global:5b996d3, author = {Trend Micro}, title = {{Global Operations Lead to Arrests of Alleged Members of GandCrab/REvil and Cl0p Cartels}}, date = {2021-11-16}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_in/research/21/k/global-operations-lead-to-arrests-of-alleged-members-of-gandcrab.html}, language = {English}, urldate = {2021-11-18} } Global Operations Lead to Arrests of Alleged Members of GandCrab/REvil and Cl0p Cartels
REvil Clop Gandcrab REvil
2021-11-10RT on the RussianEkaterina Suslova, Aleksey Polyakov, Elizaveta Koroleva, Alena Goinskaya
@online{suslova:20211110:he:f915f5b, author = {Ekaterina Suslova and Aleksey Polyakov and Elizaveta Koroleva and Alena Goinskaya}, title = {{"He does not get in touch": what is known about Barnaul, wanted by the FBI on charges of cybercrime}}, date = {2021-11-10}, organization = {RT on the Russian}, url = {https://russian.rt.com/russia/article/926347-barnaulec-rozysk-fbr-kibermoshennichestvo}, language = {Russian}, urldate = {2021-11-19} } "He does not get in touch": what is known about Barnaul, wanted by the FBI on charges of cybercrime
REvil REvil
2021-11-08The RecordCatalin Cimpanu
@online{cimpanu:20211108:us:42947b7, author = {Catalin Cimpanu}, title = {{US arrests and charges Ukrainian man for Kaseya ransomware attack}}, date = {2021-11-08}, organization = {The Record}, url = {https://therecord.media/us-arrests-and-charges-ukrainian-man-for-kaseya-ransomware-attack/}, language = {English}, urldate = {2021-11-09} } US arrests and charges Ukrainian man for Kaseya ransomware attack
REvil REvil
2021-11-08Department of JusticeDepartment of Justice
@techreport{justice:20211108:indictment:56ab8a3, author = {Department of Justice}, title = {{Indictment of Yaroslav Vasinskyi (REvil affiliate)}}, date = {2021-11-08}, institution = {Department of Justice}, url = {https://storage.courtlistener.com/recap/gov.uscourts.txnd.351760/gov.uscourts.txnd.351760.1.0_3.pdf}, language = {English}, urldate = {2021-11-09} } Indictment of Yaroslav Vasinskyi (REvil affiliate)
REvil REvil
2021-11-08KrebsOnSecurityBrian Krebs
@online{krebs:20211108:revil:8306da2, author = {Brian Krebs}, title = {{REvil Ransom Arrest, $6M Seizure, and $10M Reward}}, date = {2021-11-08}, organization = {KrebsOnSecurity}, url = {https://krebsonsecurity.com/2021/11/revil-ransom-arrest-6m-seizure-and-10m-reward/}, language = {English}, urldate = {2021-11-09} } REvil Ransom Arrest, $6M Seizure, and $10M Reward
REvil REvil
2021-11-08DIICOT (Romanian Directorate for Investigating Organized Crime and Terrorism)DIICOT (Romanian Directorate for Investigating Organized Crime and Terrorism)
@online{terrorism:20211108:press:c38a7b1, author = {DIICOT (Romanian Directorate for Investigating Organized Crime and Terrorism)}, title = {{Press release 2 08.11.2021}}, date = {2021-11-08}, organization = {DIICOT (Romanian Directorate for Investigating Organized Crime and Terrorism)}, url = {https://diicot.ro/mass-media/3341-comunicat-de-presa-2-08-11-2021}, language = {Romanian}, urldate = {2021-11-08} } Press release 2 08.11.2021
REvil REvil
2021-11-08FBIFBI
@online{fbi:20211108:wanted:f676a91, author = {FBI}, title = {{WANTED poster for Yevhgyeniy Polyanin (REvil affiliate)}}, date = {2021-11-08}, organization = {FBI}, url = {https://www.fbi.gov/wanted/cyber/yevgyeniy-igoryevich-polyanin}, language = {English}, urldate = {2021-11-09} } WANTED poster for Yevhgyeniy Polyanin (REvil affiliate)
REvil REvil
2021-11-08U.S. Department of the TreasuryU.S. Department of the Treasury
@techreport{treasury:20211108:advisory:c0f217e, author = {U.S. Department of the Treasury}, title = {{Advisory on Ransomware and the Use of the Financial System to Facilitate Ransom Payments}}, date = {2021-11-08}, institution = {U.S. Department of the Treasury}, url = {https://www.fincen.gov/sites/default/files/advisory/2021-11-08/FinCEN%20Ransomware%20Advisory_FINAL_508_.pdf}, language = {English}, urldate = {2021-11-09} } Advisory on Ransomware and the Use of the Financial System to Facilitate Ransom Payments
REvil REvil
2021-11-08Department of JusticeDepartment of Justice
@techreport{justice:20211108:indictment:5a7badb, author = {Department of Justice}, title = {{Indictment of Yevgeniy Polyanin, one off the REvil affliates}}, date = {2021-11-08}, institution = {Department of Justice}, url = {https://storage.courtlistener.com/recap/gov.uscourts.txnd.352371/gov.uscourts.txnd.352371.1.0_1.pdf}, language = {English}, urldate = {2021-11-09} } Indictment of Yevgeniy Polyanin, one off the REvil affliates
REvil REvil
2021-11-08Department of JusticeDepartment of Justice
@online{justice:20211108:ukrainian:e3b0544, author = {Department of Justice}, title = {{Ukrainian Arrested and Charged with Ransomware Attack on Kaseya}}, date = {2021-11-08}, organization = {Department of Justice}, url = {https://www.justice.gov/opa/pr/ukrainian-arrested-and-charged-ransomware-attack-kaseya}, language = {English}, urldate = {2021-11-09} } Ukrainian Arrested and Charged with Ransomware Attack on Kaseya
REvil REvil
2021-11-08U.S. Department of the TreasuryU.S. Department of the Treasury
@online{treasury:20211108:treasury:9e7aa2d, author = {U.S. Department of the Treasury}, title = {{Treasury Continues to Counter Ransomware as Part of Whole-of-Government Effort; Sanctions Ransomware Operators and Virtual Currency Exchange (Yaroslav Vasinskyi & Yevgeniy Polyanin)}}, date = {2021-11-08}, organization = {U.S. Department of the Treasury}, url = {https://home.treasury.gov/news/press-releases/jy0471}, language = {English}, urldate = {2021-11-09} } Treasury Continues to Counter Ransomware as Part of Whole-of-Government Effort; Sanctions Ransomware Operators and Virtual Currency Exchange (Yaroslav Vasinskyi & Yevgeniy Polyanin)
REvil REvil
2021-10-28BR.DEMaximilian Zierer, Hakan Tanriverdi
@online{zierer:20211028:mutmalicher:09d53d1, author = {Maximilian Zierer and Hakan Tanriverdi}, title = {{Mutmaßlicher Ransomware-Millionär identifiziert}}, date = {2021-10-28}, organization = {BR.DE}, url = {https://www.br.de/nachrichten/deutschland-welt/mutmasslicher-ransomware-millionaer-identifiziert,Sn3iHgJ}, language = {German}, urldate = {2021-11-03} } Mutmaßlicher Ransomware-Millionär identifiziert
REvil REvil
2021-10-26IntezerTwitter (IntezerLabs)
@online{intezerlabs:20211026:linux:53febe2, author = {Twitter (IntezerLabs)}, title = {{Tweet on Linux version of REvil ransomware}}, date = {2021-10-26}, organization = {Intezer}, url = {https://twitter.com/IntezerLabs/status/1452980772953071619}, language = {English}, urldate = {2021-11-03} } Tweet on Linux version of REvil ransomware
REvil
2021-10-25KELAVictoria Kivilevich
@online{kivilevich:20211025:will:44e51be, author = {Victoria Kivilevich}, title = {{Will the REvil Story Finally be Over?}}, date = {2021-10-25}, organization = {KELA}, url = {https://ke-la.com/will-the-revils-story-finally-be-over/}, language = {English}, urldate = {2021-11-09} } Will the REvil Story Finally be Over?
REvil REvil
2021-10-22DarkowlDarkowl
@online{darkowl:20211022:page:90c7728, author = {Darkowl}, title = {{“Page Not Found”: REvil Darknet Services Offline After Attack Last Weekend}}, date = {2021-10-22}, organization = {Darkowl}, url = {https://www.darkowl.com/blog-content/page-not-found-revil-darknet-services-offline-after-attack-last-weekend}, language = {English}, urldate = {2021-10-26} } “Page Not Found”: REvil Darknet Services Offline After Attack Last Weekend
REvil REvil
2021-10-22ReutersJoseph Menn, Christopher Bing
@online{menn:20211022:exclusive:f70f465, author = {Joseph Menn and Christopher Bing}, title = {{EXCLUSIVE Governments turn tables on ransomware gang REvil by pushing it offline}}, date = {2021-10-22}, organization = {Reuters}, url = {https://www.reuters.com/technology/exclusive-governments-turn-tables-ransomware-gang-revil-by-pushing-it-offline-2021-10-21/}, language = {English}, urldate = {2021-10-26} } EXCLUSIVE Governments turn tables on ransomware gang REvil by pushing it offline
REvil REvil
2021-10-18FlashpointFlashpoint
@online{flashpoint:20211018:revil:104ed52, author = {Flashpoint}, title = {{REvil Disappears Again: ‘Something Is Rotten in the State of Ransomware’}}, date = {2021-10-18}, organization = {Flashpoint}, url = {https://www.flashpoint-intel.com/blog/revil-disappears-again/}, language = {English}, urldate = {2021-10-24} } REvil Disappears Again: ‘Something Is Rotten in the State of Ransomware’
REvil REvil
2021-10-17Bleeping ComputerLawrence Abrams
@online{abrams:20211017:revil:b53b66f, author = {Lawrence Abrams}, title = {{REvil ransomware shuts down again after Tor sites were hijacked}}, date = {2021-10-17}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/revil-ransomware-shuts-down-again-after-tor-sites-were-hijacked/}, language = {English}, urldate = {2021-10-25} } REvil ransomware shuts down again after Tor sites were hijacked
REvil REvil
2021-10-12CrowdStrikeCrowdStrike Intelligence Team
@online{team:20211012:ecx:5540ee9, author = {CrowdStrike Intelligence Team}, title = {{ECX: Big Game Hunting on the Rise Following a Notable Reduction in Activity}}, date = {2021-10-12}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/big-game-hunting-on-the-rise-again-according-to-ecrime-index/}, language = {English}, urldate = {2021-11-02} } ECX: Big Game Hunting on the Rise Following a Notable Reduction in Activity
Babuk BlackMatter DarkSide REvil Avaddon Babuk BlackMatter DarkSide LockBit Mailto REvil
2021-10-11AccentureAccenture Cyber Threat Intelligence
@online{intelligence:20211011:moving:3b0eaec, author = {Accenture Cyber Threat Intelligence}, title = {{Moving Left of the Ransomware Boom}}, date = {2021-10-11}, organization = {Accenture}, url = {https://www.accenture.com/us-en/blogs/cyber-defense/moving-left-ransomware-boom}, language = {English}, urldate = {2021-11-03} } Moving Left of the Ransomware Boom
REvil Cobalt Strike MimiKatz RagnarLocker REvil
2021-09-29FlashpointFlashpoint
@online{flashpoint:20210929:russian:565e147, author = {Flashpoint}, title = {{Russian hacker Q&A: An Interview With REvil-Affiliated Ransomware Contractor}}, date = {2021-09-29}, organization = {Flashpoint}, url = {https://www.flashpoint-intel.com/blog/interview-with-revil-affiliated-ransomware-contractor/}, language = {English}, urldate = {2021-10-26} } Russian hacker Q&A: An Interview With REvil-Affiliated Ransomware Contractor
REvil REvil
2021-09-22SecureworksCounter Threat Unit ResearchTeam
@online{researchteam:20210922:revil:5b97baf, author = {Counter Threat Unit ResearchTeam}, title = {{REvil Ransomware Reemerges After Shutdown; Universal Decryptor Released}}, date = {2021-09-22}, organization = {Secureworks}, url = {https://www.secureworks.com/blog/revil-ransomware-reemerges-after-shutdown-universal-decryptor-released}, language = {English}, urldate = {2021-09-28} } REvil Ransomware Reemerges After Shutdown; Universal Decryptor Released
REvil REvil
2021-09-14CrowdStrikeCrowdStrike Intelligence Team
@online{team:20210914:big:b345561, author = {CrowdStrike Intelligence Team}, title = {{Big Game Hunting TTPs Continue to Shift After DarkSide Pipeline Attack}}, date = {2021-09-14}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/how-big-game-hunting-ttps-shifted-after-darkside-pipeline-attack/}, language = {English}, urldate = {2021-09-19} } Big Game Hunting TTPs Continue to Shift After DarkSide Pipeline Attack
BlackMatter DarkSide REvil Avaddon BlackMatter Clop Conti CryptoLocker DarkSide DoppelPaymer Hades REvil
2021-08-30CrowdStrikeMichael Dawson
@online{dawson:20210830:hypervisor:81ca39b, author = {Michael Dawson}, title = {{Hypervisor Jackpotting, Part 2: eCrime Actors Increase Targeting of ESXi Servers with Ransomware}}, date = {2021-08-30}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/hypervisor-jackpotting-ecrime-actors-increase-targeting-of-esxi-servers/}, language = {English}, urldate = {2021-08-31} } Hypervisor Jackpotting, Part 2: eCrime Actors Increase Targeting of ESXi Servers with Ransomware
Babuk HelloKitty REvil
2021-07-28Digital ShadowsPhoton Research Team
@online{team:20210728:revil:ba7360a, author = {Photon Research Team}, title = {{REvil: Analysis of Competing Hypotheses}}, date = {2021-07-28}, organization = {Digital Shadows}, url = {https://www.digitalshadows.com/blog-and-research/revil-analysis-of-competing-hypotheses/}, language = {English}, urldate = {2021-08-25} } REvil: Analysis of Competing Hypotheses
REvil REvil
2021-07-19EllipticElliptic
@online{elliptic:20210719:revil:12b16d1, author = {Elliptic}, title = {{REvil Revealed - Tracking a Ransomware Negotiation and Payment}}, date = {2021-07-19}, organization = {Elliptic}, url = {https://www.elliptic.co/blog/revil-revealed-tracking-ransomware-negotiation-and-payment}, language = {English}, urldate = {2021-07-20} } REvil Revealed - Tracking a Ransomware Negotiation and Payment
REvil REvil
2021-07-13Threat PostLisa Vaas
@online{vaas:20210713:ransomware:d88e024, author = {Lisa Vaas}, title = {{Ransomware Giant REvil’s Sites Disappear}}, date = {2021-07-13}, organization = {Threat Post}, url = {https://threatpost.com/ransomware-revil-sites-disappears/167745/}, language = {English}, urldate = {2021-07-20} } Ransomware Giant REvil’s Sites Disappear
REvil REvil
2021-07-05Github (f0wl)Marius Genheimer
@online{genheimer:20210705:revil:7f67df1, author = {Marius Genheimer}, title = {{REvil Linux Configuration Extractor}}, date = {2021-07-05}, organization = {Github (f0wl)}, url = {https://github.com/f0wl/REconfig-linux}, language = {English}, urldate = {2021-07-05} } REvil Linux Configuration Extractor
REvil
2021-07-04CISAUS-CERT
@online{uscert:20210704:cisafbi:1e199f1, author = {US-CERT}, title = {{CISA-FBI Guidance for MSPs and their Customers Affected by the Kaseya VSA Supply-Chain Ransomware Attack}}, date = {2021-07-04}, organization = {CISA}, url = {https://us-cert.cisa.gov/ncas/current-activity/2021/07/04/cisa-fbi-guidance-msps-and-their-customers-affected-kaseya-vsa}, language = {English}, urldate = {2021-07-09} } CISA-FBI Guidance for MSPs and their Customers Affected by the Kaseya VSA Supply-Chain Ransomware Attack
REvil REvil
2021-07-03Cybleinccybleinc
@online{cybleinc:20210703:uncensored:f43cf7f, author = {cybleinc}, title = {{Uncensored Interview with REvil / Sodinokibi Ransomware Operators}}, date = {2021-07-03}, organization = {Cybleinc}, url = {https://cybleinc.com/2021/07/03/uncensored-interview-with-revil-sodinokibi-ransomware-operators/}, language = {English}, urldate = {2021-07-11} } Uncensored Interview with REvil / Sodinokibi Ransomware Operators
REvil REvil
2021-07-01AT&T CybersecurityOfer Caspi, Fernando Martinez
@online{caspi:20210701:revils:20b42ae, author = {Ofer Caspi and Fernando Martinez}, title = {{REvil’s new Linux version}}, date = {2021-07-01}, organization = {AT&T Cybersecurity}, url = {https://cybersecurity.att.com/blogs/labs-research/revils-new-linux-version}, language = {English}, urldate = {2021-07-02} } REvil’s new Linux version
REvil REvil
2021-07-01DomainToolsChad Anderson
@online{anderson:20210701:most:39f64b8, author = {Chad Anderson}, title = {{The Most Prolific Ransomware Families: A Defenders Guide}}, date = {2021-07-01}, organization = {DomainTools}, url = {https://www.domaintools.com/resources/blog/the-most-prolific-ransomware-families-a-defenders-guide}, language = {English}, urldate = {2021-07-11} } The Most Prolific Ransomware Families: A Defenders Guide
REvil Conti Egregor Maze REvil
2021-07-01ThreatpostTom Spring
@online{spring:20210701:linux:2584acf, author = {Tom Spring}, title = {{Linux Variant of REvil Ransomware Targets VMware’s ESXi, NAS Devices}}, date = {2021-07-01}, organization = {Threatpost}, url = {https://threatpost.com/linux-variant-ransomware-vmwares-nas/167511/}, language = {English}, urldate = {2021-07-02} } Linux Variant of REvil Ransomware Targets VMware’s ESXi, NAS Devices
REvil
2021-06-29Twitter (@VK_intel)Vitali Kremez
@online{kremez:20210629:linux:1b5367c, author = {Vitali Kremez}, title = {{Tweet on Linux version of REvil ransomware}}, date = {2021-06-29}, organization = {Twitter (@VK_intel)}, url = {https://twitter.com/VK_Intel/status/1409601311092490248?s=20}, language = {English}, urldate = {2021-06-29} } Tweet on Linux version of REvil ransomware
REvil
2021-06-29YouTube (C. Beek)Christiaan Beek
@online{beek:20210629:demo:2cbd075, author = {Christiaan Beek}, title = {{Demo of REvil/Sodinokibi Linux variant encrypting a Linux system}}, date = {2021-06-29}, organization = {YouTube (C. Beek)}, url = {https://www.youtube.com/watch?v=ptbNMlWxYnE}, language = {English}, urldate = {2021-06-29} } Demo of REvil/Sodinokibi Linux variant encrypting a Linux system
REvil
2021-06-28Twitter (@VK_intel)Vitali Kremez
@online{kremez:20210628:elf:3036ab2, author = {Vitali Kremez}, title = {{Tweet on ELF version of REvil}}, date = {2021-06-28}, organization = {Twitter (@VK_intel)}, url = {https://twitter.com/VK_Intel/status/1409601311092490248}, language = {English}, urldate = {2021-06-29} } Tweet on ELF version of REvil
REvil
2021-06-28Twitter (@AdamTheAnalyst)AdamTheAnalyst
@online{adamtheanalyst:20210628:suspected:a9109b3, author = {AdamTheAnalyst}, title = {{Tweet on suspected REvil exfiltration (over RClone FTP) server}}, date = {2021-06-28}, organization = {Twitter (@AdamTheAnalyst)}, url = {https://twitter.com/AdamTheAnalyst/status/1409499591452639242?s=20}, language = {English}, urldate = {2021-06-29} } Tweet on suspected REvil exfiltration (over RClone FTP) server
REvil REvil
2021-06-28AT&TAlienVault
@online{alienvault:20210628:revil:1b4ddb9, author = {AlienVault}, title = {{REvil ransomware Linux version (with YARA rule)}}, date = {2021-06-28}, organization = {AT&T}, url = {https://otx.alienvault.com/pulse/60da2c80aa5400db8f1561d5}, language = {English}, urldate = {2021-07-02} } REvil ransomware Linux version (with YARA rule)
REvil

There is no Yara-Signature yet.