SYMBOLCOMMON_NAMEaka. SYNONYMS

Storm-1113  (Back to overview)


Storm-1113 is a threat actor that acts both as an access broker focused on malware distribution through search advertisements and as an “as-a-service” entity providing malicious installers and landing page frameworks. In Storm-1113 malware distribution campaigns, users are directed to landing pages mimicking well-known software that host installers, often MSI files, that lead to the installation of malicious payloads. Storm-1113 is also the developer of EugenLoader, a commodity malware first observed around November 2022.


Associated Families
ps1.eugenloader

References
2024-11-21IntrinsecCTI Intrinsec, Intrinsec
PROSPERO & Proton66: Uncovering the links between bulletproof networks
Coper SpyNote FAKEUPDATES GootLoader EugenLoader
2024-11-20IntrinsecEquipe CTI
PROSPERO & Proton66: Tracing Uncovering the links between bulletproof networks
Coper SpyNote FAKEUPDATES GootLoader EugenLoader IcedID Matanbuchus Nokoyawa Ransomware Pikabot
2024-08-13GoogleGoogle
Finding Malware: Unveiling NUMOZYLOD with Google Security Operations
EugenLoader UNC4536
2024-07-02SekoiaQuentin Bourgue
Exposing FakeBat loader: distribution methods and adversary infrastructure
BlackCat Royal Ransom EugenLoader Carbanak Cobalt Strike DICELOADER Gozi IcedID Lumma Stealer NetSupportManager RAT Pikabot RedLine Stealer SectopRAT Sliver SmokeLoader Vidar
2023-12-30Rewterz Information SecurityRewterz Information Security
Rewterz Threat Alert – Widely Abused MSIX App Installer Disabled by Microsoft – Active IOCs
EugenLoader POWERTRASH BATLOADER DarkGate FlawedGrace NetSupportManager RAT SectopRAT Storm-0506
2023-12-12eSentireRob Pittman
Unraveling BatLoader and FakeBat
EugenLoader
2023-02-28Intel 471Intel 471
Malvertising Surges to Distribute Malware
EugenLoader BATLOADER IcedID

Credits: MISP Project