ioc · name

mpsvc.dll

RU · Russia
REvil
confidence · high

Sodinokibi/REvil encryptor DLL side-loaded by a renamed MsMpEng.exe in the July 2, 2021 Kaseya VSA supply-chain compromise. Vasinskyi was indicted Nov. 8, 2021 by DOJ for deploying this code through Kaseya's auto-update channel to roughly 1,500 downstream customers.

family: REvil
first seen: Jul 1, 2021
publisher: DOJ
source citation