REvil
Essential information
- Confidence: 100/100
- Is family: Yes
- Published: 04/08/2020 17:06
- Modified: 27/03/2026 01:06
- Revoked: No
- Author / Source: The MITRE Corporation
- Related entities: 65 attack patterns (mitre), 2 intrusion sets (apt), 58 indicators
Aliases
Sodin, Sodinokibi
Description
[REvil](https://attack.mitre.org/software/S0496) is a ransomware family that has been linked to the [GOLD SOUTHFIELD](https://attack.mitre.org/groups/G0115) group and operated as ransomware-as-a-service (RaaS) since at least April 2019. [REvil](https://attack.mitre.org/software/S0496), which has been used against organizations in the manufacturing, transportation, and electric sectors, is highly configurable and shares code similarities with the GandCrab RaaS. (Citation: Secureworks REvil September 2019) (Citation: Intel 471 REvil March 2020) (Citation: Group IB Ransomware May 2020)
Marking (TLP)
TLP:CLEAR
Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
- Kaspersky Sodin July 2019
- Group IB Ransomware May 2020
- Talos Sodinokibi April 2019
- Intel 471 REvil March 2020
- McAfee REvil October 2019
- Secureworks GandCrab and REvil September 2019
- Picus Sodinokibi January 2020
- McAfee Sodinokibi October 2019
- mitre-attack (S0496)
- Cylance Sodinokibi July 2019
- Secureworks REvil September 2019
- G Data Sodinokibi June 2019
- Tetra Defense Sodinokibi March 2020