REvil

Malware Profile Updated 7 days ago
REvil, also known as Sodinokibi, is a ransomware family that gained notoriety through its use in ransomware attacks. As the Ransomware as a Service (RaaS) model grew in popularity during 2020, researchers established links between first-stage malware and the ransomware attacks that followed; one such connection was found between the Gootkit malware and REvil ransomware. REvil's authors introduced a distinctive feature: a countdown attached to the ransom demand, adding pressure on victims to pay. In an unexpected move, GOLD SOUTHFIELD (the group behind REvil) announced that it was ceasing its RaaS operations, without explicitly committing to stop deploying ransomware.

REvil has been associated with significant security incidents, including the exploitation of a vulnerability in Kaseya's software to infect Kaseya's customer base. That campaign affected Managed Service Providers (MSPs) and, through them, their clients, demonstrating the malware's broad reach. Despite the widespread damage caused by REvil, most decryptors can unlock a variety of ransomware types, including REvil itself along with others such as WannaCry, Petya, NotPetya, TeslaCrypt, DarkSide, Alcatraz Locker, Apocalypse, BadBlock, Bart, BTCWare, EncrypTile, and Globe.

Legal action has been taken against individuals linked to the REvil group; in one notable case, a Ukrainian REvil gang member was sentenced to 13 years in prison. Former members of the Conti and REvil groups are also believed to have formed a new group suspected of being the successor to DarkSide and BlackMatter. That group has reportedly used the Emotet botnet to distribute ransomware, underscoring the persistent threat posed by the individuals and techniques associated with REvil.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Sodinokibi | 10 | Sodinokibi, also known as REvil, is a significant threat actor first identified in April 2019. This ransomware family operates as a Ransomware-as-a-Service (RaaS) and has been responsible for one in three ransomware incidents responded to by IBM Security X-Force in 2020. The Sodinokibi ransomware st
Gandcrab | 7 | GandCrab, a threat actor, is known for its malicious activities involving ransomware attacks. Originating from Russian origins and evolving from Team Truniger, a former GandCrab affiliate, the group has been linked to numerous ransomware variants including Bad Rabbit, LockBit 2.0, STOP/DJVU, and REv
Maze | 3 | Maze is a type of malware, specifically ransomware, that gained notoriety in 2019 for its double extortion tactic. This malicious software infects systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data hostage for ransom. Maze w
GOLD SOUTHFIELD | 3 | Gold Southfield is a threat actor group known for its malicious cyber activities. Secureworks® Counter Threat Unit™ (CTU) researchers have found significant overlaps in the code structure of LV ransomware and REvil, a ransomware operated by Gold Southfield. This suggests that Gold Southfield may hav
QakBot | 3 | Qakbot, also known as QBot, is a versatile piece of malware capable of executing several malicious activities such as brute-forcing, web injects, and loading other types of malware. It's often used to steal credentials and gather information, with the cybercriminal group Black Basta being one notabl
Akira | 2 | Akira is a notorious ransomware that has been wreaking havoc across various sectors. The malware, first reported by Sophos in December 2023, has demonstrated its ability to infiltrate systems and extract sensitive data. Its primary method of attack involves targeting systems without multi-factor aut
Qbot | 2 | Qbot, also known as Qakbot or Pinkslipbot, is a modular information-stealing malware that emerged in 2007 as a banking trojan. Over the years, it has evolved into an advanced malware strain used by multiple cybercriminal groups to compromise networks and prepare them for ransomware attacks. The firs
Sodin | 2 | Sodin, also known as Sodinokibi or REvil, is a sophisticated threat actor that emerged in the first half of 2019. This entity quickly drew attention due to its unique methods of distribution and attack. It exploited an Oracle Weblogic vulnerability to distribute itself and targeted Managed Service P
Carbanak | 1 | Carbanak is a notorious malware, short for malicious software, known for its destructive capabilities. This harmful program infiltrates systems via suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or even hold data hostage for ransom. The initial payl
Black Cat | 1 | Black Cat, also known as AlphV, is a prominent threat actor known for its malicious activities in the cybersecurity landscape. The group gained significant attention when it launched an attack on Change Healthcare, a subsidiary of Optum and UnitedHealth Group (UHG), in late February. This ransomware
Pinkslipbot | 1 | Pinkslipbot, also known as Qakbot, QBot or QuackBot, is a modular information-stealing malware that has been active since 2008. Initially emerging in 2007 as a banking trojan, it targeted financial institutions to steal sensitive data. Over the years, however, its functionality evolved and diversifi
Pinchy Spider | 1 | Pinchy Spider is a prominent threat actor in the cybersecurity landscape, notorious for its involvement in ransomware and data extortion activities. The group emerged as a significant player with the advent of Ransomware-as-a-Service (RaaS), vowing to be the first ransomware gang to amass $2 billion
Apocalypse | 1 | Apocalypse is a threat actor known for its malicious intent in the cybersecurity world. It's associated with a variety of ransomware, including a variant named Al-Namrood. The Apocalypse ransomware and its variants have been a significant concern due to their capacity to encrypt files, making them i
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Ransom
Malware
RaaS
Encrypt
Vulnerability
Linux
Locker
Cybercrime
Esxi
Exploit
Windows
Cobalt Strike
Extortion
Botnet
Ddos
Bitcoin
Apt
Russia
Encryption
russian
Zero Day
Trojan
exploitation
Phishing
Loader
Lateral Move...
Fbi
WinRAR
Azure
Aws
Breachforums
Israel
Poc
Crowdstrike
Payload
Vpn
Australian
Dropper
Microsoft
Credential S...
Governments
Vmware
exploited
Sentinelone
Ukraine
German
3cx
Sonicwall
Ibm
Spam
Esxiargs
Scam
Financial
Banking
Telegram
Sudan
European
Agriculture
Malwarebytes
netscaler
citrix
Cloudflare
DNS
Outlook
Macos
Rmm
Exploits
Data Leak
Associated Malware
ID | Type | Votes | Profile Description
Lockbit | Unspecified | 9 | LockBit is a type of malware, specifically ransomware, that infiltrates systems to steal data or disrupt operations, often demanding ransom in return for the release of the compromised data. Notable incidents include the LockBit ransomware gang claiming to have stolen and subsequently leaking data f
Conti | Unspecified | 9 | Conti is a type of malware, specifically ransomware, which was designed to infiltrate systems, disrupt operations, and potentially hold data hostage for ransom. The malware has been used by various threat actors, including ITG23, who have utilized it alongside other malicious software such as Trickb
Babuk | Unspecified | 6 | Babuk is a form of malware, specifically ransomware, that infiltrates computer systems and encrypts files, often leading to significant disruptions in operations. A notable instance of Babuk's destructive capabilities occurred on December 7th, when a printing company fell prey to the ransomware. The
Black Basta | Unspecified | 6 | Black Basta is a notorious malware group known for its malicious software, specifically ransomware attacks. Since early 2022, the Black Basta Ransomware gang has been actively involved in cybercrimes, amassing at least $107 million in Bitcoin ransom payments. The group's modus operandi involves expl
Hive | Unspecified | 5 | Hive, a notorious malware known for its destructive capabilities, has been used by cybercriminals to exploit and damage computer systems. One such instance involved the infamous Volt Typhoon, who exfiltrated NTDS.dit and SYSTEM registry hive data to crack passwords offline. This malicious software w
MegaCortex | Unspecified | 4 | MegaCortex is a type of malware known for its harmful effects on computer systems and devices. It was identified by Dragos, a cybersecurity firm, as having a relationship with another ransomware called EKANS. Both MegaCortex and EKANS have specific characteristics that pose unique risks to industria
Conti, Lockbit | Unspecified | 4 | None
Avaddon | Unspecified | 4 | Avaddon is a type of malware, specifically ransomware, designed to exploit and damage computer systems. It was notable for its compatibility with older systems such as Windows XP and Windows 2003, distinguishing it from other ransomware like Darkside and Babuk which targeted more modern systems like
HELLOKITTY | Unspecified | 3 | HelloKitty is a malicious software (malware) that has been designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold dat
Clop | Unspecified | 3 | Clop is a notorious malware, short for malicious software, that is designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, Clop can steal personal information, disrupt operations, or h
Ryuk | Unspecified | 3 | Ryuk is a sophisticated malware, specifically a ransomware variant, that has been extensively used by cybercriminal group ITG23. The group has been employing crypting techniques for several years to obfuscate their malware, with Ryuk often seen in tandem with other malicious software such as Trickbo
AvosLocker | Unspecified | 2 | AvosLocker is a type of malware, specifically a ransomware, that is designed to infiltrate computer systems and devices, often unbeknownst to the user. It can be spread through suspicious downloads, emails, or websites. Once it has infected a system, AvosLocker can cause significant disruption by st
Abyss Locker | Unspecified | 2 | Abyss Locker is a formidable strain of malware, specifically ransomware, that has been observed targeting both Microsoft Windows and Linux platforms. This malicious software operates by infiltrating systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside
Pysa | Unspecified | 2 | First observed in October 2019, Pysa, also known as Mespinoza, is a human-operated ransomware created by an unidentified advanced persistent threat group. It primarily targets high-value financial and governmental entities but has also been implicated in attacks on healthcare, education, and law enf
Netwalker | Unspecified | 2 | NetWalker is a highly profitable ransomware kit, known for its ability to disable antivirus software on Windows 10 systems and encrypt files, adding a random extension to the encrypted ones. Once executed, it disrupts operations and can even hold data hostage for ransom. It has been observed that Ne
Formbook | Unspecified | 2 | Formbook is a type of malware, or malicious software, that can infiltrate your computer or device through suspicious downloads, emails, or websites. Once it has infected a system, it can steal personal information, disrupt operations, and potentially hold data for ransom. The individual behind the R
Egregor | Unspecified | 2 | Egregor is a variant of the Sekhmet ransomware and operates as Ransomware-as-a-Service (RaaS). It emerged in 2020, suspected to be from former Maze affiliates. Known for its double extortion tactics, Egregor publicly shames its victims by leaking sensitive data if the ransom isn't paid. In one notab
WannaCry | Unspecified | 2 | WannaCry is a notorious malware that was responsible for one of the largest ransomware attacks in history, occurring in 2017. This malicious software, designed to exploit and damage computer systems, infiltrated networks worldwide through suspicious downloads, emails, or websites. Once inside a syst
Lv Ransomware | Unspecified | 2 | LV Ransomware is a type of malicious software designed to exploit and damage computer systems, often infiltrating systems through suspicious downloads, emails, or websites. This ransomware variant, also known as ".0nzo8yk Virus," was first identified in the wild in June 2020 and is a modified versio
Blackbasta | Unspecified | 2 | BlackBasta is a highly malicious software, or malware, known for its damaging effects on computer systems and devices. It infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once it has gained access, BlackBasta can steal personal information, disrup
Emotet | Unspecified | 2 | Emotet is a highly dangerous and insidious malware that has resurfaced with increased activity this summer. Originally distributed via email attachments, it infiltrates systems often without the user's knowledge, forming botnets under the control of criminals for large-scale attacks. Once infected,
Trigona | Unspecified | 2 | Trigona, a notable ransomware strain first identified in 2022, is a type of malicious software designed to infiltrate systems and hold data hostage for ransom. Its operations gained significant attention in 2023, as it emerged as a prominent threat in the cybersecurity landscape. Trigona had a uniqu
Gootloader | Unspecified | 2 | Gootloader is a sophisticated malware that originated from the Gootkit banking trojan, which has been actively targeting European entities since 2010. The malware utilizes search engine optimization (SEO) poisoning techniques to draw potential victims towards compromised WordPress blogs. When unsusp
Doppelpaymer | Unspecified | 1 | DoppelPaymer is a form of malware, specifically ransomware, known for its high-profile attacks on large organizations and municipalities. Originally based on the BitPaymer ransomware, DoppelPaymer was reworked and renamed by the threat group GOLD HERON, after initially being operated by GOLD DRAKE.
Azorult | Unspecified | 1 | Azorult is a type of malware, or malicious software, that infiltrates systems to exploit and damage them, often without the user's knowledge. It has historically been one of the favored infostealers sold on the marketplace 2easy, alongside RedLine, Raccoon, Vidar, and Taurus. However, as of late Feb
Agenttesla | Unspecified | 1 | AgentTesla is a well-known remote access trojan (RAT) that has been used extensively in cybercrime operations. It infiltrates systems through various methods, including malicious emails and suspicious downloads. Once inside, it can steal personal information, disrupt operations, or hold data hostage
SamSam | Unspecified | 1 | SamSam is a type of malware, specifically ransomware, that was first deployed by the cybercriminal group GOLD LOWELL in 2015. This malicious software is designed to infiltrate systems through suspicious downloads, emails, or websites and then exploit the compromised system, often stealing personal i
Maze Ransomware | Unspecified | 1 | Maze ransomware is a type of malware that emerged in 2019, employing a double extortion tactic to wreak havoc on its victims. This malicious software infiltrates systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data hostage for
Ta2102 | Unspecified | 1 | None
Hades Ransomware | Unspecified | 1 | Hades ransomware is a variant of the WastedLocker malware, which is designed to exploit and damage computers or devices. It was observed by CTU researchers being used in conjunction with Advanced Port Scanner, MegaSync, and Malleable C2 tools in various cyberattack incidents. These tools have been l
Dark Side | Unspecified | 1 | Dark Side is a malicious software (malware) that poses significant threats to computer systems and devices. It infiltrates systems often through suspicious downloads, emails, or websites, with the potential to steal personal information, disrupt operations, or even hold data for ransom. This malware
Nemty | Unspecified | 1 | Nemty is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. It was developed by a cybercriminal group known as farnetwork, which has been active since 2019. Farnetwork has been involved in several ransomware projects, including JSWORM, Nefilim, Karma, an
Rorschach Ransomware | Unspecified | 1 | The Rorschach ransomware, also known as BabLock, is a new and unique strain of malware that was first identified by Check Point Research (CPR) and the Check Point Incident Response Team (CPIRT) in April 2023. The ransomware, which was named after the famous psychological test due to its varied appea
Karakurt | Unspecified | 1 | Karakurt is a notorious malware and data extortion group, previously affiliated with ITG23, known for its sophisticated tactics, techniques, and procedures (TTPs). The group's operations involve stealing sensitive data from compromised systems and demanding ransoms ranging from $25,000 to a staggeri
Fisheye | Unspecified | 1 | Fisheye is a malware program that poses significant threats to computer systems, known for exploiting and damaging devices by stealing personal information, disrupting operations, or holding data hostage for ransom. Notably, the malware has been linked with notorious cybercriminal Kondratiev, also k
RTM | Unspecified | 1 | RTM is a malicious software, first reported as the RTM banking Trojan, that was initially detected by vendors such as Symantec and Microsoft in 2017. This malware operates on Windows 7 RTM (7600) and was later updated to a variant known as Redaman. The leaked source code of RTM has been utilized to
Dridex | Unspecified | 1 | Dridex is a well-known malware, specifically a banking Trojan, that has been utilized by cybercriminals to exploit and damage computer systems. The malware infiltrates systems through dubious downloads, emails, or websites, often unbeknownst to the user, and can steal personal information, disrupt o
BitPaymer | Unspecified | 1 | BitPaymer is a type of malware that operates as ransomware, encrypting files and demanding payment for their release. It was operated by the GOLD DRAKE threat group and was later reworked and renamed DoppelPaymer by the GOLD HERON threat group. As part of the Ransomware as a Service (RaaS) model tha
TrickBot | Unspecified | 1 | TrickBot is a form of malware, or malicious software, that infiltrates systems to exploit and damage them. It can enter your system via dubious downloads, emails, or websites, often without the user's knowledge. Once inside, TrickBot can steal personal information, disrupt operations, or even hold d
Pay2Key | Unspecified | 1 | Pay2Key is a form of malware, specifically ransomware, designed to infiltrate computer systems, often without the user's knowledge. This malicious software encrypts data and holds it hostage for ransom, often causing significant disruption to operations and potentially leading to the theft of sensit
RTM Locker | Unspecified | 1 | RTM Locker is a recently emerged ransomware that targets enterprise systems, specifically Linux virtual machines on VMware ESXi servers. This malicious software was developed from the leaked source code of the now-defunct Babuk ransomware, which was made public by an alleged member of the Babuk grou
Rorschach | Unspecified | 1 | Rorschach, also known as BabLock, is a malware variant that has been recognized for its speed and sophistication. It is a form of ransomware that encrypts files on infected systems at an unprecedented rate, with Check Point researchers noting it as one of the fastest ransomware variants ever observe
Vidar | Unspecified | 1 | Vidar is a Windows-based malware written in C++, known as an infostealer due to its ability to steal personal information from infected systems. It has been leveraged by cybercriminals alongside other malicious software like Emotet, IcedID, CobaltStrike, SVCReady, CargoBay, Pushdo, Minodo, DiceLoade
ProLock | Unspecified | 1 | ProLock is a type of malware, specifically ransomware, that is designed to infiltrate computer systems, often unbeknownst to the user. It typically enters systems through suspicious downloads, emails, or websites. Once inside, ProLock can steal personal information, disrupt operations, and hold data
Locker Ransomware | Unspecified | 1 | Locker ransomware, a type of malware, poses significant risks to computer systems and data. Unlike crypto-ransomware which encrypts user data, locker ransomware locks users out of their devices entirely, demanding a ransom payment to restore access without any data encryption. This threat has evolve
NotPetya | Unspecified | 1 | NotPetya is a notorious malware that was unleashed in 2017, primarily targeting Ukraine but eventually impacting systems worldwide. This malicious software, which initially appeared to be ransomware, was later revealed to be data destructive malware, causing widespread disruption rather than seeking
WastedLocker | Unspecified | 1 | WastedLocker is a type of malware developed by the Evil Corp Group, known for its malicious activities. This malware variant was first identified in 2020 and is part of an evolution of ransomware that began with Dridex, followed by DoppelPaymer developed in 2019, and then WastedLocker. The malware i
cryptolocker | Unspecified | 1 | CryptoLocker is a type of malware, specifically ransomware, that emerged as a significant threat to cybersecurity worldwide. This malicious software infiltrated systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, CryptoLocker encrypted user
petya | Unspecified | 1 | Petya is a type of malware, specifically ransomware, that infected Windows-based systems primarily through phishing emails. It was notorious for its ability to disrupt operations and hold data hostage for ransom. Petya, along with other types of ransomware like WannaCry, NotPetya, TeslaCrypt, and Da
Monti | Unspecified | 1 | The Monti ransomware group emerged in June 2022, shortly after the shutdown of operations by the Conti ransomware gang. Monti initially drew attention by mimicking the tactics of the Conti group, even employing its leaked source code to develop their own encryptor. The malicious software is known fo
Wannaren | Unspecified | 1 | None
Hive Ransomware Gang | Unspecified | 1 | The Hive ransomware gang, a malicious group known for exploiting and damaging computer systems through harmful software, was significantly disrupted by the Federal Bureau of Investigation (FBI) in a series of operations. Six months ago, according to the US Department of Justice (DOJ), the FBI infilt
Associated Threat Actors
ID | Type | Votes | Profile Description
DarkSide | is related to | 9 | DarkSide is a notorious threat actor known for its malicious activities involving ransomware attacks. The group gained significant notoriety in 2021 when it attacked the largest oil pipeline in the United States, leading to a temporary halt of all operations for three days. This incident, along with
Blackmatter | Unspecified | 7 | BlackMatter is a threat actor that emerged as a rebrand of the infamous DarkSide ransomware group, known for its attack on Colonial Pipeline in May 2021. In November 2021, BlackMatter announced it was shutting down due to targeted actions by law enforcement. Despite this announcement, the group didn
Alphv | is related to | 7 | AlphV, a notorious threat actor in the cybersecurity industry, has been responsible for numerous high-profile ransomware attacks. The group's activities include the theft of 5TB of data from Morrison Community Hospital and hacking Clarion, a global manufacturer of audio and video equipment for cars.
KillNet | Unspecified | 3 | Killnet is a pro-Russian threat actor group that has been linked to a series of disruptive cyberattacks, particularly targeting governments and organizations that have expressed support for Ukraine. The group's activities gained prominence after Russia was banned from the 2022 FIFA World Cup due to
Vice Society | Unspecified | 3 | Vice Society, a threat actor group known for its malicious activities, has been linked to a series of ransomware attacks targeting various sectors, most notably education and healthcare. Throughout 2022 and the first half of 2023, Vice Society, along with Royal Ransomware, were actively executing mu
FIN7 | Unspecified | 3 | FIN7, a known threat actor in the cybersecurity world, has been recognized for its malicious activities against various entities. This group, which could be an individual, a private company, or part of a government body, is notorious for executing actions with harmful intent. One notable instance of
Bassterlord | Unspecified | 2 | Bassterlord, a threat actor associated with the LockBit group, has been identified as a significant player in the cybercriminal underground. Known for his confrontational Twitter tone and public sale of an intrusion manual, Bassterlord has used multiple handles on various platforms, including "AL3xL
Sangria Tempest | Unspecified | 2 | Sangria Tempest, also known as FIN7, Carbon Spider, and ELBRUS, is a threat actor that has been active since 2014. This Russian advanced persistent threat (APT) group is known for its malicious activities, including spear-phishing campaigns, malware distribution, and theft of payment card data. In m
Anonymous Sudan | Unspecified | 1 | Anonymous Sudan, a threat actor group, has been responsible for several high-profile Distributed Denial of Service (DDoS) attacks. The group's activities have been notable for their political motivations and disruptive impact on targeted organizations. A DDoS attack overwhelms a network or service w
Gold Waterfall | Unspecified | 1 | GOLD WATERFALL is a notable threat actor in the cybersecurity landscape, known for its operation of the Darkside ransomware. This group was previously affiliated with REvil before developing and deploying its own ransomware, Darkside. Within less than a year of operation, GOLD WATERFALL reportedly a
Anonymoussudan | Unspecified | 1 | Anonymoussudan, a threat actor or malicious entity, has been identified as part of a recent wave of cyberattacks targeting Australian university websites. Partnering with the pro-Russian hacker group Killnet, these entities launched HTTP DDoS attacks in late March 2023, as observed by cybersecurity
Darknet Parliament | Unspecified | 1 | Darknet Parliament is a threat actor collective formed by pro-Russian hacktivist groups Killnet, Anonymous Sudan, and the resurged REvil. This alliance was publicly announced on June 16th, as seen in a post on the Killnet Telegram channel. The formation of Darknet Parliament appears to be a response
Conti Ransomware Gang | Unspecified | 1 | The Conti ransomware gang, a notorious threat actor in the cybersecurity landscape, has been responsible for extorting at least $180 million globally. The gang is infamous for the HSE cyberattack in 2021 and has been sanctioned by the National Crime Agency (NCA). In late 2021, experts suggested that
Sandworm Apt | Unspecified | 1 | The Sandworm Advanced Persistent Threat (APT) is a threat actor linked to Russia that has been involved in several high-profile cyber-attacks. The group, which could consist of individuals, private companies, or government entities, executes actions with malicious intent. The cybersecurity industry
Aquatic Panda | Unspecified | 1 | Aquatic Panda, also known as Budworm, Charcoal Typhoon, ControlX, RedHotel, and Bronze University, is a significant threat actor suspected of state-backed cyber espionage activities. This group has been particularly active in the recent quarter, ranking amongst the top geopolitical groups targeting
TA505 | Unspecified | 1 | TA505, also known as Cl0p Ransomware Gang and Lace Tempest, is a highly active and sophisticated cybercriminal group. The group has been associated with various high-profile cyber-attacks, demonstrating adaptability through a multi-vector approach to their operations. In June 2023, the U.S. Cybersec
Hive Ransomware | Unspecified | 1 | Hive ransomware, a notorious threat actor, emerged as one of the most prolific groups in 2022, executing a series of cyberattacks with malicious intent. This group was responsible for numerous ransomware attacks, causing significant disruptions and damage across various sectors. However, in January
Fox Kitten | Unspecified | 1 | Fox Kitten, an Iranian-backed threat actor group, has been identified as a significant cybersecurity risk by security researchers. The group's primary method of initial access is through VPN devices from Citrix, Fortinet, Palo Alto Networks, and Pulse Secure. Their sophisticated techniques have been
cl0p | Unspecified | 1 | Cl0p is a threat actor group that has emerged as the most used ransomware in March 2023, dethroning LockBit. The group has successfully exploited zero-day vulnerabilities in the past, but such attacks are relatively rare. Recent research by Malwarebytes highlights the bias of ransomware gangs for at
Sandworm | Unspecified | 1 | Sandworm, a threat actor linked to Russia, is known for its malicious cyber activities. These actions have been characterized by significant breaches and disruptions, primarily targeting Ukrainian entities. This group has demonstrated advanced capabilities, including the use of fileless attacks as d
Evil Corp | Unspecified | 1 | Evil Corp, a threat actor group based in Russia, has been identified as a significant cybercrime entity responsible for the execution of malicious actions. The alleged leader of this group is Maksim Yakubets, who is notably associated with Dridex malware operations. The U.S. Treasury imposed sanctio
Btcware | Unspecified | 1 | None
Teslacrypt | Unspecified | 1 | TeslaCrypt is a notable threat actor that emerged with a focus on targeting computer gamers. This malicious entity was responsible for executing ransomware attacks, encrypting victims' files and demanding payment for their release. The group gained notoriety with several versions of their ransomware
Alcatraz Locker | Unspecified | 1 | None
Badblock | Unspecified | 1 | BadBlock is a recognized threat actor in the cybersecurity industry, known for its involvement in malicious activities. These activities typically involve the execution of ransomware attacks that encrypt user files and demand a ransom for their decryption. This group has been linked to major ransomw
Encryptile | Unspecified | 1 | None
Hades | Unspecified | 1 | Hades is a notable threat actor, known for its distinctive tactics and infrastructure in executing cyber attacks. The cybersecurity industry first observed Hades' operations in June 2021, with its activities marked by the use of advanced tools such as Advanced Port Scanner, MegaSync, Rclone, and Mal
Associated Vulnerabilities
ID | Type | Votes | Profile Description
CVE-2021-30120 | Unspecified | 1 | None
CVE-2021-30119 | Unspecified | 1 | None
CVE-2021-30116 | Unspecified | 1 | None
CVE-2021-40444 | Unspecified | 1 | None
CVE-2018-8453 | Unspecified | 1 | None
CVE-2019-2725 | Unspecified | 1 | None
Pinchy Spider Gold Southfield | Unspecified | 1 | None
CVE-2021-30118 | Unspecified | 1 | None
Conti's Exsi | Unspecified | 1 | None
Gold Southfield (Revil | Unspecified | 1 | None
Source Document References
Information about the REvil Malware was read from the documents corpus below. This display is limited to 20 results.
Source | Created At | Title
BankInfoSecurity | 5 days ago | 4 Million People Affected by Debt Collector Data Theft Hack
Securityaffairs | 7 days ago | Security Affairs Malware Newsletter - Round 1
Securityaffairs | 8 days ago | GootLoader is still active and efficient
BankInfoSecurity | 12 days ago | Millions Affected by Prudential Ransomware Hack in February
Securityaffairs | 14 days ago | Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 21 days ago | Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | a month ago | Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION
DARKReading | a month ago | Developing a Plan to Respond to Critical CVEs in Open Source Software
Flashpoint | 2 months ago | From Origins to Operations: Understanding Black Basta Ransomware
Securityaffairs | 2 months ago | Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
Krebs on Security | 2 months ago | U.S. Charges Russian Man as Boss of LockBit Ransomware Group
Securityaffairs | 2 months ago | Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
CERT-EU | 8 months ago | Medical firm reaches $100,000 settlement with HHS over 2017 ransomware attack
BankInfoSecurity | 5 months ago | Who is LockBitSupp? Police Delay Promise to Reveal Identity
BankInfoSecurity | 5 months ago | No Big Reveal: Cops Don't Unmask LockBit's LockBitSupp
DARKReading | 2 months ago | REvil Affiliate Off to Jail for Ransomware Scheme
BankInfoSecurity | 2 months ago | Breach Roundup: REvil Hacker Gets Nearly 14-Year Sentence
Securityaffairs | 2 months ago | Ukrainian REvil gang member sentenced to 13 years in prison
InfoSecurity-magazine | 2 months ago | REvil Ransomware Affiliate Sentenced to Over 13 Years in Prison
BankInfoSecurity | 3 months ago | FIN7 Targeted US Automotive Giant In Failed Attack