Faust

Description

Faust is a variant of the well-known Phobos ransomware, part of a Ransomware-as-a-Service (RaaS) ecosystem active since around May 2019. Faust employs a double-extortion model, encrypting victim files and threatening to release stolen data if ransom demands are not met. It is distributed via Office document payloads that use VBA scripts, and it is known for fileless attack delivery, which enables stealth and evasion.

External Analysis
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-060a
https://www.truesec.com/hub/blog/a-case-of-the-faust-ransomware
https://www.broadcom.com/support/security-center/protection-bulletin/faust-ransomware-a-phobos-family-variant