js.more_eggs

More_eggs

aka: SpicyOmelette, SKID

Actor(s): Cobalt, FIN6, VENOM SPIDER


More_eggs is a JavaScript backdoor used by the Cobalt group. It attempts to connect to its C&C server and retrieve tasks to carry out, some of which are:
- d&exec = download and execute PE file
- gtfo = delete files/startup entries and terminate
- more_eggs = download additional/new scripts
- more_onion = run new script and terminate current script
- more_power = run commands in a command shell

References
2024-06-10 | The Hacker News | Ravie Lakshmanan
More_eggs Malware Disguised as Resumes Targets Recruiters in Phishing Attack
More_eggs
2023-04-20 | Securonix | Den Iyzvyk, Oleg Kolesnikov, Tim Peck
New OCX#HARVESTER Attack Campaign Leverages a Modernized More_eggs Suite to Target Victims
More_eggs
2023-03-10 | Security0wnage | Security0wnage
How Do You Like Dem Eggs? I like Mine Scrambled, Really Scrambled - A Look at Recent more_eggs Samples
More_eggs
2023-01-24 | eSentire | Joe Stewart, Keegan Keplinger
Unmasking Venom Spider
More_eggs TerraPreter TerraLoader VenomLNK
2022-08-25 | Expel | Andrew Jerry, Kyle Pellett
MORE_EGGS and Some LinkedIn Resumé Spearphishing
More_eggs
2022-04-21 | eSentire | eSentire Threat Response Unit (TRU)
Hackers Spearphish Corporate Hiring Managers with Poisoned Resumes, Infecting Them with the More_Eggs Malware, Warns eSentire
More_eggs TerraLoader VenomLNK
2021-04-05 | eSentire | eSentire
Hackers Spearphish Professionals on LinkedIn with Fake Job Offers, Infecting them with Malware, Warns eSentire
More_eggs TerraPreter TerraLoader VenomLNK
2020-09-03 | Twitter (@Arkbird_SOLG) | Arkbird
Tweet on development in more_eggs
More_eggs
2020-07-20 | QuoIntelligence
Golden Chickens: Evolution of the MaaS
More_eggs TerraLoader TerraStealer VenomLNK
2020-07-10 | Github (eset) | Matías Porolli
Evilnum — Indicators of Compromise
EVILNUM More_eggs EVILNUM TerraStealer
2020-07-09 | ESET Research | Matías Porolli
More evil: A deep look at Evilnum and its toolset
EVILNUM More_eggs EVILNUM TerraPreter TerraStealer TerraTV Evilnum
2020-06-04 | Chianxin Virus Response Center
Script-Based Bandits on the Rise, with a Trading System Comparable to Ransomware
EVILNUM More_eggs
2020-04-07 | Security Intelligence | Ole Villadsen
ITG08 (aka FIN6) Partners With TrickBot Gang, Uses Anchor Framework
More_eggs Anchor TrickBot
2020-03-04 | CrowdStrike | CrowdStrike
2020 CrowdStrike Global Threat Report
MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelDridex DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot Vidar Winnti ANTHROPOID SPIDER APT23 APT31 APT39 APT40 BlackTech BuhTrap Charming Kitten CLOCKWORK SPIDER DOPPEL SPIDER FIN7 Gamaredon Group GOBLIN PANDA MONTY SPIDER MUSTANG PANDA NARWHAL SPIDER NOCTURNAL SPIDER PINCHY SPIDER SALTY SPIDER SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER VICEROY TIGER
2020-02-13 | Qianxin | Qi Anxin Threat Intelligence Center
APT Report 2019
Chrysaor Exodus Dacls VPNFilter DNSRat Griffon KopiLuwak More_eggs SQLRat AppleJeus BONDUPDATER Agent.BTZ Anchor AndroMut AppleJeus BOOSTWRITE Brambul Carbanak Cobalt Strike Dacls DistTrack DNSpionage Dtrack ELECTRICFISH FlawedAmmyy FlawedGrace Get2 Grateful POS HOPLIGHT Imminent Monitor RAT jason Joanap KerrDown KEYMARBLE Lambert LightNeuron LoJax MiniDuke PolyglotDuke PowerRatankba Rising Sun SDBbot ServHelper Snatch Stuxnet TinyMet tRat TrickBot Volgmer X-Agent Zebrocy
2020-01-01 | Secureworks | SecureWorks
GOLD KINGSWOOD
More_eggs ATMSpitter Cobalt Strike CobInt MimiKatz Cobalt
2020-01-01 | Secureworks | SecureWorks
GOLD KINGSWOOD
More_eggs ATMSpitter Cobalt Strike CobInt MimiKatz
2019-08-29 | Security Intelligence | Joey Victorino, Kevin Henson, Melissa Frydrych, Ole Villadsen
More_eggs, Anyone? Threat Actor ITG08 Strikes Again
More_eggs FIN6
2019-06-04 | Bitdefender | Bitdefender
An APT Blueprint: Gaining New Visibility into Financial Threats
More_eggs Cobalt Strike
2019-02-21 | Proofpoint | Proofpoint Threat Insight Team
Fake Jobs: Campaigns Delivering More_eggs Backdoor via Fake Job Offers
More_eggs
2018-10-17 | MITRE ATT&CK | MITRE
Software Description: More_eggs
More_eggs
2018-10-08 | Morphisec | Michael Gorelik
Cobalt Group 2.0
More_eggs
2018-09-27 | Secureworks | Counter Threat Unit Research Team
Cybercriminals Increasingly Trying to Ensnare the Big Financial Fish
More_eggs Cobalt
2018-08-30 | NetScout | ASERT Team
Double the Infection, Double the Fun
More_eggs CobInt
2018-07-31 | Cisco Talos | Vanja Svajcer
Multiple Cobalt Personality Disorder
More_eggs
2018-03-02 | Reaqta | Reaqta
Spear-phishing campaign leveraging on MSXSL
More_eggs
2017-11-20 | Trend Micro | Fyodor Yarochkin, Lenart Bermejo, Ronnie Giagone
Cobalt Strikes Again: Spam Runs Use Macros and CVE-2017-8759 Exploit Against Russian Banks
More_eggs Cobalt
2017-08-07 | Trend Micro | Fyodor Yarochkin, Lenart Bermejo, Ronnie Giagone, Rubio Wu
Backdoor-carrying Emails Set Sights on Russian-speaking Businesses
More_eggs

There is no Yara-Signature yet.