
Threat Group Cards: A Threat Actor Encyclopedia

Tool: EvilGrab RAT

Names: EvilGrab RAT, EvilGrab, Vidgrab, Wmonder, BKDR_HGDER, BKDR_EVILOGE, BKDR_NVICM
Category: Malware
Type: Backdoor, Info stealer
Description: (Trend Micro) Recently, we spotted a new malware family that was being used in targeted attacks – the EvilGrab malware family. It is called EvilGrab due to its behavior of grabbing audio, video, and screenshots from affected machines. We detect EvilGrab under the following malware families:
• BKDR_HGDER
• BKDR_EVILOGE
• BKDR_NVICM

Looking into the feedback provided by the Smart Protection Network, EvilGrab is most prevalent in the Asia-Pacific region, with governments being the dominant sector targeted. These are consistent with known trends in targeted attacks.
Information: <https://blog.trendmicro.com/trendlabs-security-intelligence/evilgrab-malware-family-used-in-targeted-attacks-in-asia/>
MITRE ATT&CK: <https://attack.mitre.org/software/S0152/>
Malpedia: <https://malpedia.caad.fkie.fraunhofer.de/details/win.evilgrab>
AlienVault OTX: <https://otx.alienvault.com/browse/pulses?q=tag:evilgrab>

Last change to this tool card: 23 April 2020


All groups using tool EvilGrab RAT

APT groups

Changed  Name                                Country  Observed
         Nightshade Panda, APT 9, Group 27   China    2013-Sep 2016
         Stone Panda, APT 10, menuPass       China    2006-Jul 2020   X

2 groups listed (2 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
