
Threat Group Cards: A Threat Actor Encyclopedia

Tool: INSOMNIA

Names: INSOMNIA
Category: Malware
Type: Backdoor, Info stealer, Exfiltration
Description: (Volexity) Successful iOS exploitation results in the INSOMNIA implant being written to the device at /tmp/updateserver. The implant is then started with the “run” command-line argument. It runs as root with various entitlements, giving it access to all the data the Evil Eye actor wishes to collect.

Volexity has conducted an initial analysis of the payload delivered through the exploit chain and has been able to confirm successful exploitation of an iPhone running iOS 12.3.1.
Information: <https://www.volexity.com/blog/2020/04/21/evil-eye-threat-actor-resurfaces-with-ios-exploit-and-updated-implant/>

Last change to this tool card: 22 April 2020


All groups using tool INSOMNIA

APT groups

Name: Evil Eye
Country: China
Observed: 2019-Jan 2020

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
