IPsec Helper (e6fa005e-4690-5336-8a03-5f667ea38f3f)
IPsec Helper is a post-exploitation remote access tool linked to Agrius operations. This malware shares significant programming and functional overlaps with Apostle ransomware, also linked to Agrius. IPsec Helper provides basic remote access tool functionality such as uploading files from victim systems, running commands, and deploying additional payloads.[SentinelOne Agrius 2021]
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Agrius (36c70cf2-c7d5-5926-8155-5d3a63e3e55a) | Tidal Groups | IPsec Helper (e6fa005e-4690-5336-8a03-5f667ea38f3f) | Tidal Software | 1 |