A deep dive into Phobos ransomware, recently deployed by 8Base group

• Cisco Talos has recently observed an increase in activity conducted by 8Base, a ransomware group that uses a variant of the Phobos ransomware and other publicly available tools to facilitate their operations. 


• Most of the group’s Phobos variants are distributed by SmokeLoader, a backdoor trojan. This commodity loader typically drops or downloads additional payloads when deployed. In 8Base campaigns, however, it has the ransomware component embedded in its encrypted payloads, which is then decrypted and loaded into the SmokeLoader …

8base backdoor cisco cisco talos deep dive distributed dive loader operations phobos ransomware ransomware ransomware group smokeloader talos tools trojan