mrAgent (730cb8cb-3663-424b-b335-ea93533e8106)
MrAgent is a malware tool used to automate ransomware deployment on ESXi hypervisors. It provides remote access to compromised hosts, allowing threat actors to disable security controls and operate mass encryption. MrAgent gathers information on virtual environments and tracks ransomware execution across infected hypervisors.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Ransomhouse Group (61fe900f-d317-41fb-aed8-7f1052acfc5e) | Tidal Groups | mrAgent (730cb8cb-3663-424b-b335-ea93533e8106) | Tidal Software | 1 |