MEGAsync (eed908e5-a0b3-473f-bca4-0d3197af2168)

A legitimate binary that automates syncing between an endpoint and the MEGA Cloud Drive.[GitHub meganz MEGAsync] Adversaries are known to abuse the tool for data exfiltration purposes.[U.S. CISA BianLian Ransomware May 2023]

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Akira (923f478c-7ad1-516f-986d-61f96b9c553e) | Tidal Groups | MEGAsync (eed908e5-a0b3-473f-bca4-0d3197af2168) | Tidal Software | 1 |
| Phobos Ransomware Actors (f138c814-48c0-4638-a4d6-edc48e7ac23a) | Tidal Groups | MEGAsync (eed908e5-a0b3-473f-bca4-0d3197af2168) | Tidal Software | 1 |
| MEGAsync (eed908e5-a0b3-473f-bca4-0d3197af2168) | Tidal Software | Vanilla Tempest (efd2fca2-45fb-4eaf-82e7-0d20c156f84f) | Tidal Groups | 1 |
| MEGAsync (eed908e5-a0b3-473f-bca4-0d3197af2168) | Tidal Software | BlackCat Ransomware Actors & Affiliates (33159d02-a1ce-49ec-a381-60b069db66f7) | Tidal Groups | 1 |
| MEGAsync (eed908e5-a0b3-473f-bca4-0d3197af2168) | Tidal Software | Hive Ransomware Actors (05cd82bb-f8fc-40f3-83ba-1586ef953d05) | Tidal Groups | 1 |
| MEGAsync (eed908e5-a0b3-473f-bca4-0d3197af2168) | Tidal Software | Scattered Spider (3d77fb6c-cfb4-5563-b0be-7aa1ad535337) | Tidal Groups | 1 |
| LockBit Ransomware Actors & Affiliates (d0f3353c-fbdd-4bd5-8793-a42e1f319b59) | Tidal Groups | MEGAsync (eed908e5-a0b3-473f-bca4-0d3197af2168) | Tidal Software | 1 |
| BianLian Ransomware Group (a2add2a0-2b54-4623-a380-a9ad91f1f2dd) | Tidal Groups | MEGAsync (eed908e5-a0b3-473f-bca4-0d3197af2168) | Tidal Software | 1 |
| MEGAsync (eed908e5-a0b3-473f-bca4-0d3197af2168) | Tidal Software | FIN11 (ecdbd431-d62b-4b30-8663-b1ecb4304ec0) | Tidal Groups | 1 |