SYMBOLCOMMON_NAMEaka. SYNONYMS
js.evilnum (Back to overview)

EVILNUM


According proofpoint, EvilNum is a backdoor that can be used for data theft or to load additional payloads. The malware includes multiple interesting components to evade detection and modify infection paths based on identified antivirus software.

References
2022-06-27ZscalerSudeep Singh, Sahil Antil
@online{singh:20220627:return:a09268a, author = {Sudeep Singh and Sahil Antil}, title = {{Return of the Evilnum APT with updated TTPs and new targets}}, date = {2022-06-27}, organization = {Zscaler}, url = {https://www.zscaler.com/blogs/security-research/return-evilnum-apt-updated-ttps-and-new-targets}, language = {English}, urldate = {2022-06-29} } Return of the Evilnum APT with updated TTPs and new targets
EVILNUM EVILNUM
2021-01-04NSFOCUSNSFOCUS
@online{nsfocus:20210104:steganography:d039571, author = {NSFOCUS}, title = {{Steganography, Little Fire Dragon and AGENTVX: A Detailed Analysis of APT Organization EVILNUM's New Attack Activities}}, date = {2021-01-04}, organization = {NSFOCUS}, url = {http://blog.nsfocus.net/agentvxapt-evilnum/}, language = {Chinese}, urldate = {2022-01-25} } Steganography, Little Fire Dragon and AGENTVX: A Detailed Analysis of APT Organization EVILNUM's New Attack Activities
EVILNUM
2020-11-03Kaspersky LabsGReAT
@online{great:20201103:trends:febc159, author = {GReAT}, title = {{APT trends report Q3 2020}}, date = {2020-11-03}, organization = {Kaspersky Labs}, url = {https://securelist.com/apt-trends-report-q3-2020/99204/}, language = {English}, urldate = {2020-11-04} } APT trends report Q3 2020
WellMail EVILNUM Janicab Poet RAT AsyncRAT Ave Maria Cobalt Strike Crimson RAT CROSSWALK Dtrack LODEINFO MoriAgent Okrum PlugX poisonplug Rover ShadowPad SoreFang Winnti
2020-08-24Kaspersky LabsIvan Kwiatkowski, Pierre Delcher, Maher Yamout
@online{kwiatkowski:20200824:lifting:fd3c725, author = {Ivan Kwiatkowski and Pierre Delcher and Maher Yamout}, title = {{Lifting the veil on DeathStalker, a mercenary triumvirate}}, date = {2020-08-24}, organization = {Kaspersky Labs}, url = {https://securelist.com/deathstalker-mercenary-triumvirate/98177/}, language = {English}, urldate = {2020-08-25} } Lifting the veil on DeathStalker, a mercenary triumvirate
EVILNUM Janicab Evilnum
2020-07-10Github (eset)Matías Porolli
@online{porolli:20200710:evilnumindicators:639ec06, author = {Matías Porolli}, title = {{Evilnum — Indicators of Compromise}}, date = {2020-07-10}, organization = {Github (eset)}, url = {https://github.com/eset/malware-ioc/tree/master/evilnum}, language = {English}, urldate = {2020-07-11} } Evilnum — Indicators of Compromise
EVILNUM More_eggs EVILNUM TerraStealer
2020-07-09ESET ResearchMatías Porolli
@online{porolli:20200709:more:24d8b63, author = {Matías Porolli}, title = {{More evil: A deep look at Evilnum and its toolset}}, date = {2020-07-09}, organization = {ESET Research}, url = {https://www.welivesecurity.com/2020/07/09/more-evil-deep-look-evilnum-toolset/}, language = {English}, urldate = {2020-07-11} } More evil: A deep look at Evilnum and its toolset
EVILNUM More_eggs EVILNUM TerraPreter TerraStealer TerraTV Evilnum
2020-06-04Chianxin Virus Response Center
@online{center:20200604::a1c780b, author = {Chianxin Virus Response Center}, title = {{脚本系贼寇之风兴起,买卖体系堪比勒索软件}}, date = {2020-06-04}, url = {https://mp.weixin.qq.com/s/REXBtbnI2zXj4H3u6ofMMw}, language = {Chinese}, urldate = {2020-07-16} } 脚本系贼寇之风兴起,买卖体系堪比勒索软件
EVILNUM More_eggs
2020-05-06PrevailionDanny Adamitis
@online{adamitis:20200506:phantom:2a752f7, author = {Danny Adamitis}, title = {{Phantom in the Command Shell}}, date = {2020-05-06}, organization = {Prevailion}, url = {https://blog.prevailion.com/2020/05/phantom-in-command-shell5.html}, language = {English}, urldate = {2020-05-07} } Phantom in the Command Shell
EVILNUM
2019-08ClearSkyClearSky Cyber Security
@techreport{security:201908:2019:716d69e, author = {ClearSky Cyber Security}, title = {{2019 H1 Cyber Events Summary Report}}, date = {2019-08}, institution = {ClearSky}, url = {https://www.clearskysec.com/wp-content/uploads/2019/08/ClearSky-2019-H1-Cyber-Events-Summary-Report.pdf}, language = {English}, urldate = {2020-06-29} } 2019 H1 Cyber Events Summary Report
EVILNUM Cardinal RAT SappyCache
2019-03-19Palo Alto Networks Unit 42Tom Lancaster, Josh Grunzweig
@online{lancaster:20190319:cardinal:b75240f, author = {Tom Lancaster and Josh Grunzweig}, title = {{Cardinal RAT Sins Again, Targets Israeli Fin-Tech Firms}}, date = {2019-03-19}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/cardinal-rat-sins-again-targets-israeli-fin-tech-firms/}, language = {English}, urldate = {2020-01-13} } Cardinal RAT Sins Again, Targets Israeli Fin-Tech Firms
EVILNUM Cardinal RAT EVILNUM
2018-05-24pwncode.io blogc0d3inj3cT
@online{c0d3inj3ct:20180524:javascript:af29dab, author = {c0d3inj3cT}, title = {{JavaScript based Bot using Github C&C}}, date = {2018-05-24}, organization = {pwncode.io blog}, url = {http://www.pwncode.io/2018/05/javascript-based-bot-using-github-c.html}, language = {English}, urldate = {2020-05-23} } JavaScript based Bot using Github C&C
EVILNUM

There is no Yara-Signature yet.