Names | INSOMNIA
Category | Malware
Type | Backdoor, Info stealer, Exfiltration
Description | (Volexity) Successful iOS exploitation results in the INSOMNIA implant being written to the device at /tmp/updateserver. The implant is then started with the “run” command-line argument. It runs as root with various entitlements, giving it access to all the data the Evil Eye actor wishes to collect. Volexity has conducted an initial analysis of the payload delivered through the exploit chain and has been able to confirm successful exploitation of an iPhone running iOS 12.3.1.
Information | <https://www.volexity.com/blog/2020/04/21/evil-eye-threat-actor-resurfaces-with-ios-exploit-and-updated-implant/>
Last change to this tool card: 22 April 2020
Changed | Name | Country | Observed
APT groups | | |
 | Evil Eye | | 2019-Jan 2020
1 group listed (1 APT, 0 other, 0 unknown)
Thailand Computer Emergency Response Team (ThaiCERT)