GrimAgent (c40a71d4-8592-4f82-8af5-18f763e52caf)

GrimAgent is a backdoor that has been used before the deployment of Ryuk ransomware since at least 2020; it is likely used by FIN6 and Wizard Spider.[Group IB GrimAgent July 2021]

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Wizard Spider (0b431229-036f-4157-a1da-ff16dfc095f8) | Tidal Groups | GrimAgent (c40a71d4-8592-4f82-8af5-18f763e52caf) | Tidal Software | 1 |
| FIN6 (fcaadc12-7c17-4946-a9dc-976ed610854c) | Tidal Groups | GrimAgent (c40a71d4-8592-4f82-8af5-18f763e52caf) | Tidal Software | 1 |