APT / THREAT GROUP

DiamondFox

5 aliases
Last seen: Mar 17, 2026

Intelligence Profile

According to PCrisk, DiamondFox is highly modular malware offered as malware-as-a-service, and is for sale on various hacker forums. Therefore, cyber criminals who are willing to use DiamondFox do not necessarily require any technical knowledge to perform their attacks.

Once purchased, this malware can be used to log keystrokes, steal credentials (e.g., usernames, email addresses, passwords), hijack cryptocurrency wallets, perform distributed denial of service (DDoS) attacks, and to carry out other malicious tasks.

DiamondFox allows cyber criminals to choose which plug-ins to keep activated and see infection statistics in real-time.

Threat Analysis

DiamondFox is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.

External References

Quick Facts

Type: APT / Threat Group
Aliases: 5

Also Known As

win.diamondfox, Gorynych, DiamondFox, Crystal, Gorynch

External Intelligence

Malpedia: win.diamondfox

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.