REvil (S0496) · Windows

Platforms: 1 · ATT&CK: 14.1 · References: 13

Description

[REvil](https://attack.mitre.org/software/S0496) is a ransomware family that has been linked to the [GOLD SOUTHFIELD](https://attack.mitre.org/groups/G0115) group and operated as ransomware-as-a-service (RaaS) since at least April 2019. [REvil](https://attack.mitre.org/software/S0496), which has been used against organizations in the manufacturing, transportation, and electric sectors, is highly configurable and shares code similarities with the GandCrab RaaS.(Citation: Secureworks REvil September 2019)(Citation: Intel 471 REvil March 2020)(Citation: Group IB Ransomware May 2020)

Platforms · 1

Windows

Attributed to · 1

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Group | GOLD SOUTHFIELD (g0115) | 100% | live |

References

  1. https://attack.mitre.org/software/S0496
  2. https://blog.talosintelligence.com/2019/04/sodinokibi-ransomware-exploits-weblogic.html
  3. https://www.secureworks.com/research/revil-sodinokibi-ransomware
  4. https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
  5. https://www.group-ib.com/whitepapers/ransomware-uncovered.html
  6. https://www.gdatasoftware.com/blog/2019/06/31724-strange-bits-sodinokibi-spam-cinarat-and-fake-g-data
  7. https://intel471.com/blog/revil-ransomware-as-a-service-an-analysis-of-a-ransomware-affiliate-operation/
  8. https://securelist.com/sodin-ransomware/91473/
  9. https://www.mcafee.com/blogs/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-what-the-code-tells-us/
  10. https://www.picussecurity.com/blog/a-brief-history-and-further-technical-analysis-of-sodinokibi-ransomware

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. Group: GOLD SOUTHFIELD
  2. Software: Ryuk
  3. Software: RDAT
  4. Actor: GOLD NORTHFIELD
  5. Software: R980
  6. Software: Rector

Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.