ConnectWise (6f9bb24d-cce2-49de-bedd-1849d9bde7a0)

ConnectWise is a legitimate remote administration tool that has been used since at least 2016 by threat actors including MuddyWater and GOLD SOUTHFIELD to connect to and conduct lateral movement in target environments.[Anomali Static Kitten February 2021][Trend Micro Muddy Water March 2021]

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| ConnectWise (6f9bb24d-cce2-49de-bedd-1849d9bde7a0) | Tidal Software | Scattered Spider (3d77fb6c-cfb4-5563-b0be-7aa1ad535337) | Tidal Groups | 1 |
| ConnectWise (6f9bb24d-cce2-49de-bedd-1849d9bde7a0) | Tidal Software | Seashell Blizzard Subgroup (785c4038-3c47-402c-93eb-9e4036a6366c) | Tidal Groups | 1 |
| ConnectWise (6f9bb24d-cce2-49de-bedd-1849d9bde7a0) | Tidal Software | Cicada3301 Ransomware Group (7a28cff6-80df-49e1-8457-a0305e736897) | Tidal Groups | 1 |
| ConnectWise (6f9bb24d-cce2-49de-bedd-1849d9bde7a0) | Tidal Software | SafePay Ransomware Actors (7015d001-9dcc-4361-9d27-4799d73ec426) | Tidal Groups | 1 |
| ConnectWise (6f9bb24d-cce2-49de-bedd-1849d9bde7a0) | Tidal Software | BlackSuit Ransomware Actors (1d751794-ce94-4936-bf45-4ab86d0e3b6e) | Tidal Groups | 1 |
| ConnectWise (6f9bb24d-cce2-49de-bedd-1849d9bde7a0) | Tidal Software | Medusa Ransomware Actors (316a49d5-5fe0-4e0b-a276-f955f4277162) | Tidal Groups | 1 |
| ConnectWise (6f9bb24d-cce2-49de-bedd-1849d9bde7a0) | Tidal Software | GOLD SOUTHFIELD (b4d068ac-9b68-4cd8-bf0c-019f910ef8e3) | Tidal Groups | 1 |
| ConnectWise (6f9bb24d-cce2-49de-bedd-1849d9bde7a0) | Tidal Software | RansomHub Ransomware Actors (94794e7b-8b54-4be8-885a-fd1009425ed5) | Tidal Groups | 1 |
| ConnectWise (6f9bb24d-cce2-49de-bedd-1849d9bde7a0) | Tidal Software | Storm-1811 (f17d1768-9563-539a-8d3a-e3e9500658bf) | Tidal Groups | 1 |
| ConnectWise (6f9bb24d-cce2-49de-bedd-1849d9bde7a0) | Tidal Software | MuddyWater (dcb260d8-9d53-404f-9ff5-dbee2c6effe6) | Tidal Groups | 1 |
| ConnectWise (6f9bb24d-cce2-49de-bedd-1849d9bde7a0) | Tidal Software | Black Basta Affiliates (7f52cadb-7a12-4b9d-9290-1ef02123fbe4) | Tidal Groups | 1 |
| ConnectWise (6f9bb24d-cce2-49de-bedd-1849d9bde7a0) | Tidal Software | Storm-1811 (Deprecated) (ee2da206-2532-44e3-a343-d66e9bfdbca0) | Tidal Groups | 1 |
| ConnectWise (6f9bb24d-cce2-49de-bedd-1849d9bde7a0) | Tidal Software | LockBit Ransomware Actors & Affiliates (d0f3353c-fbdd-4bd5-8793-a42e1f319b59) | Tidal Groups | 1 |