ThaiCERT    ETDA    MDES

Threat Group Cards: A Threat Actor Encyclopedia

Tool: Evilnum

Names: Evilnum, Marvel
Category: Malware
Type: Loader, Backdoor
Description: (ESET) This component communicates with a C&C server and acts as a backdoor without the need for any additional program. However, in most attacks that we have seen, the attackers deployed additional components as they saw fit and used the JS malware only as a first stage.

The first known mention of this JavaScript malware was in May 2018 in this pwncode article.
Information:
<https://www.welivesecurity.com/2020/07/09/more-evil-deep-look-evilnum-toolset/>
<http://www.pwncode.io/2018/05/javascript-based-bot-using-github-c.html>
<https://blog.prevailion.com/2020/05/phantom-in-command-shell5.html>
<https://securelist.com/deathstalker-mercenary-triumvirate/98177/>
Malpedia:
<https://malpedia.caad.fkie.fraunhofer.de/details/js.evilnum>
<https://malpedia.caad.fkie.fraunhofer.de/details/win.evilnum>
AlienVault OTX:
<https://otx.alienvault.com/browse/pulses?q=tag:evilnum>

Last change to this tool card: 26 August 2020


All groups using tool Evilnum

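APT groups

| Changed | Name | Country | Observed |
| --- | --- | --- | --- |
| | Evilnum | [Unknown] | 2018-Aug 2020 |

Other groups

| Changed | Name | Country | Observed |
| --- | --- | --- | --- |
| | Deceptikons, DeathStalker | [Unknown] | 2012-May 2020 |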

2 groups listed (1 APT, 1 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
