REvil (9314531e-bf46-4cba-9c19-198279ccf9cd)

REvil is a ransomware family that has been linked to the GOLD SOUTHFIELD group and operated as ransomware-as-a-service (RaaS) since at least April 2019. REvil, which has been used against organizations in the manufacturing, transportation, and electric sectors, is highly configurable and shares code similarities with the GandCrab RaaS.[Secureworks REvil September 2019][Intel 471 REvil March 2020][Group IB Ransomware May 2020]

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| REvil (9314531e-bf46-4cba-9c19-198279ccf9cd) | Tidal Software | FIN7 (4348c510-50fc-4448-ab8d-c8cededd19ff) | Tidal Groups | 1 |
| REvil (9314531e-bf46-4cba-9c19-198279ccf9cd) | Tidal Software | GOLD SOUTHFIELD (b4d068ac-9b68-4cd8-bf0c-019f910ef8e3) | Tidal Groups | 1 |
| REvil (9314531e-bf46-4cba-9c19-198279ccf9cd) | Tidal Software | TA577 (e1e72810-4661-54c7-b05e-859128fb327d) | Tidal Groups | 1 |
| REvil (9314531e-bf46-4cba-9c19-198279ccf9cd) | Tidal Software | TA577 (Deprecated) (28f3dbcc-b248-442f-9ff3-234210bb2f2a) | Tidal Groups | 1 |