ESET has analyzed the operations of Evilnum, the APT group behind the Evilnum malware previously seen in attacks against financial technology companies. While said malware has been seen in the wild since at least 2018 and documented previously, little has been published about the group behind it and how it operates. The group’s targets remain fintech companies, but its toolset and infrastructure have evolved and now consist of a mix of custom, homemade malware combined with tools purchased from Golden Chickens, a Malware-as-a-Service (MaaS) provider whose infamous customers include FIN6 and Cobalt Group.
2022-12-08
⋅
Kaspersky
⋅
DeathStalker targets legal entities with new Janicab variant Janicab Janicab Stormwind |
2022-07-21
⋅
Proofpoint
⋅
Buy, Sell, Steal, EvilNum Targets Cryptocurrency, Forex, Commodities EVILNUM Evilnum |
2022-05-31
⋅
Malwarology
⋅
Janicab Series: Attibution and IoCs Janicab |
2022-05-27
⋅
Malwarology
⋅
Janicab Series: The Core Artifact Janicab |
2022-05-26
⋅
Malwarology
⋅
Janicab Series: Further Steps in the Infection Chain Janicab |
2022-05-24
⋅
Malwarology
⋅
Janicab Series: First Steps in the Infection Chain Janicab |
2021-02-23
⋅
CrowdStrike
⋅
2021 Global Threat Report RansomEXX Amadey Anchor Avaddon BazarBackdoor Clop Cobalt Strike Conti Cutwail DanaBot DarkSide DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet ShadowPad SmokeLoader Snake SUNBURST SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader Evilnum OUTLAW SPIDER RIDDLE SPIDER SOLAR SPIDER VIKING SPIDER |
2020-12-03
⋅
Kaspersky Labs
⋅
What did DeathStalker hide between two ferns? PowerPepper Evilnum |
2020-11-03
⋅
Kaspersky Labs
⋅
APT trends report Q3 2020 WellMail EVILNUM Janicab Poet RAT AsyncRAT Ave Maria Cobalt Strike Crimson RAT CROSSWALK Dtrack LODEINFO MoriAgent Okrum PlugX poisonplug Rover ShadowPad SoreFang Winnti |
2020-08-24
⋅
Kaspersky Labs
⋅
Lifting the veil on DeathStalker, a mercenary triumvirate EVILNUM Janicab Evilnum |
2020-07-20
⋅
Twitter (@InQuest)
⋅
Tweets on PowerPepper decryption PowerPepper |
2020-07-09
⋅
ESET Research
⋅
More evil: A deep look at Evilnum and its toolset EVILNUM More_eggs EVILNUM TerraPreter TerraStealer TerraTV Evilnum |
2018-12-13
⋅
Security 0wnage
⋅
POWERSING - From LNK Files To Janicab Through YouTube & Twitter Janicab |
2015-09-11
⋅
MacMark
⋅
CSI MacMark: Janicab Janicab |
2013-07-22
⋅
Avast
⋅
Multisystem Trojan Janicab attacks Windows and MacOSX via scripts Janicab |
2013-07-15
⋅
F-Secure
⋅
Signed Mac Malware Using Right-to-Left Override Trick Janicab |