S0632Windows

S0632GrimAgent

Platforms
1
ATT&CK
14.1
References
2

Description

[GrimAgent](https://attack.mitre.org/software/S0632) is a backdoor that has been used before the deployment of [Ryuk](https://attack.mitre.org/software/S0446) ransomware since at least 2020; it is likely used by [FIN6](https://attack.mitre.org/groups/G0037) and [Wizard Spider](https://attack.mitre.org/groups/G0102).(Citation: Group IB GrimAgent July 2021)

Platforms· 1

Windows

References

  1. https://attack.mitre.org/software/S0632
  2. https://gibnc.group-ib.com/s/Group-IB_GrimAgent_analysis#pdfviewer

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Software
SombRAT
Software
FIVEHANDS
Software
EVILNUM
Software
Ryuk
Software
WastedLocker
Software
ThreatNeedle
Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.