REvil

The MITRE Corporation · Published 04/08/2020 17:06 · Modified 27/03/2026 01:06 · Family

Essential information

Confidence: 100/100
Is family: Yes
Published: 04/08/2020 17:06
Modified: 27/03/2026 01:06
Revoked: No
Author / Source: The MITRE Corporation
Related entities: 65 attack patterns (mitre), 2 intrusion sets (apt), 58 indicators

Aliases

Sodin, Sodinokibi

Description

[REvil](https://attack.mitre.org/software/S0496) is a ransomware family that has been linked to the [GOLD SOUTHFIELD](https://attack.mitre.org/groups/G0115) group and operated as ransomware-as-a-service (RaaS) since at least April 2019. [REvil](https://attack.mitre.org/software/S0496), which has been used against organizations in the manufacturing, transportation, and electric sectors, is highly configurable and shares code similarities with the GandCrab RaaS. (Citation: Secureworks REvil September 2019) (Citation: Intel 471 REvil March 2020) (Citation: Group IB Ransomware May 2020)

Marking (TLP)

TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references