ConnectWise (6f9bb24d-cce2-49de-bedd-1849d9bde7a0)

ConnectWise is a legitimate remote administration tool that has been used since at least 2016 by threat actors including MuddyWater and GOLD SOUTHFIELD to connect to and conduct lateral movement in target environments.[Anomali Static Kitten February 2021][Trend Micro Muddy Water March 2021]

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Black Basta Affiliates (7f52cadb-7a12-4b9d-9290-1ef02123fbe4) | Tidal Groups | ConnectWise (6f9bb24d-cce2-49de-bedd-1849d9bde7a0) | Tidal Software | 1 |
| Cicada3301 Ransomware Group (7a28cff6-80df-49e1-8457-a0305e736897) | Tidal Groups | ConnectWise (6f9bb24d-cce2-49de-bedd-1849d9bde7a0) | Tidal Software | 1 |
| ConnectWise (6f9bb24d-cce2-49de-bedd-1849d9bde7a0) | Tidal Software | RansomHub Ransomware Actors (94794e7b-8b54-4be8-885a-fd1009425ed5) | Tidal Groups | 1 |
| ConnectWise (6f9bb24d-cce2-49de-bedd-1849d9bde7a0) | Tidal Software | MuddyWater (dcb260d8-9d53-404f-9ff5-dbee2c6effe6) | Tidal Groups | 1 |
| GOLD SOUTHFIELD (b4d068ac-9b68-4cd8-bf0c-019f910ef8e3) | Tidal Groups | ConnectWise (6f9bb24d-cce2-49de-bedd-1849d9bde7a0) | Tidal Software | 1 |
| BlackSuit Ransomware Actors (1d751794-ce94-4936-bf45-4ab86d0e3b6e) | Tidal Groups | ConnectWise (6f9bb24d-cce2-49de-bedd-1849d9bde7a0) | Tidal Software | 1 |
| Scattered Spider (3d77fb6c-cfb4-5563-b0be-7aa1ad535337) | Tidal Groups | ConnectWise (6f9bb24d-cce2-49de-bedd-1849d9bde7a0) | Tidal Software | 1 |
| LockBit Ransomware Actors & Affiliates (d0f3353c-fbdd-4bd5-8793-a42e1f319b59) | Tidal Groups | ConnectWise (6f9bb24d-cce2-49de-bedd-1849d9bde7a0) | Tidal Software | 1 |
| Storm-1811 (ee2da206-2532-44e3-a343-d66e9bfdbca0) | Tidal Groups | ConnectWise (6f9bb24d-cce2-49de-bedd-1849d9bde7a0) | Tidal Software | 1 |