Evilnum

aka: DeathStalker, EvilNum, Jointworm, KNOCKOUT SPIDER, TA4563

ESET has analyzed the operations of Evilnum, the APT group behind the Evilnum malware previously seen in attacks against financial technology companies. While said malware has been seen in the wild since at least 2018 and documented previously, little has been published about the group behind it and how it operates. The group's targets remain fintech companies, but its toolset and infrastructure have evolved and now consist of a mix of custom, homemade malware combined with tools purchased from Golden Chickens, a Malware-as-a-Service (MaaS) provider whose infamous customers include FIN6 and Cobalt Group.

Associated Families
osx.janicab, ps1.powerpepper, vbs.janicab, win.stormwind

References

2022-12-08, Kaspersky, GReAT: DeathStalker targets legal entities with new Janicab variant
  Families: Janicab, Janicab, Stormwind

2022-07-21, Proofpoint, Bryan Campbell, Pim Trouerbach, Proofpoint Threat Research Team, Selena Larson: Buy, Sell, Steal, EvilNum Targets Cryptocurrency, Forex, Commodities
  Families: EVILNUM, Evilnum

2022-05-31, Malwarology, Gaetano Pellegrino: Janicab Series: Attribution and IoCs
  Families: Janicab

2022-05-27, Malwarology, Gaetano Pellegrino: Janicab Series: The Core Artifact
  Families: Janicab

2022-05-26, Malwarology, Gaetano Pellegrino: Janicab Series: Further Steps in the Infection Chain
  Families: Janicab

2022-05-24, Malwarology, Gaetano Pellegrino: Janicab Series: First Steps in the Infection Chain
  Families: Janicab

2021-02-23, CrowdStrike, CrowdStrike: 2021 Global Threat Report
  Families: RansomEXX, Amadey, Anchor, Avaddon, BazarBackdoor, Clop, Cobalt Strike, Conti, Cutwail, DanaBot, DarkSide, DoppelPaymer, Dridex, Egregor, Emotet, Hakbit, IcedID, JSOutProx, KerrDown, LockBit, Mailto, Maze, MedusaLocker, Mespinoza, Mount Locker, NedDnLoader, Nemty, Pay2Key, PlugX, Pushdo, PwndLocker, PyXie, QakBot, Quasar RAT, RagnarLocker, Ragnarok, RansomEXX, REvil, Ryuk, Sekhmet, ShadowPad, SmokeLoader, Snake, SUNBURST, SunCrypt, TEARDROP, TrickBot, WastedLocker, Winnti, Zloader, Evilnum, OUTLAW SPIDER, RIDDLE SPIDER, SOLAR SPIDER, VIKING SPIDER

2020-12-03, Kaspersky Labs, Pierre Delcher: What did DeathStalker hide between two ferns?
  Families: PowerPepper, Evilnum

2020-11-03, Kaspersky Labs, GReAT: APT trends report Q3 2020
  Families: WellMail, EVILNUM, Janicab, Poet RAT, AsyncRAT, Ave Maria, Cobalt Strike, Crimson RAT, CROSSWALK, Dtrack, LODEINFO, MoriAgent, Okrum, PlugX, poisonplug, Rover, ShadowPad, SoreFang, Winnti

2020-08-24, Kaspersky Labs, Ivan Kwiatkowski, Maher Yamout, Pierre Delcher: Lifting the veil on DeathStalker, a mercenary triumvirate
  Families: EVILNUM, Janicab, Evilnum

2020-07-20, Twitter (@InQuest), InQuest: Tweets on PowerPepper decryption
  Families: PowerPepper

2020-07-09, ESET Research, Matías Porolli: More evil: A deep look at Evilnum and its toolset
  Families: EVILNUM, More_eggs, EVILNUM, TerraPreter, TerraStealer, TerraTV, Evilnum

2018-12-13, Security 0wnage, Mo Bustami: POWERSING - From LNK Files To Janicab Through YouTube & Twitter
  Families: Janicab

2015-09-11, MacMark, Markus Möller: CSI MacMark: Janicab
  Families: Janicab

2013-07-22, Avast, Peter Kálnai: Multisystem Trojan Janicab attacks Windows and MacOSX via scripts
  Families: Janicab

2013-07-15, F-Secure, Broderick Aquilino: Signed Mac Malware Using Right-to-Left Override Trick
  Families: Janicab

Credits: MISP Project