Names | TerraPreter | |
Category | Malware | |
Type | Loader | |
Description | (ESET) Evilnum group also uses 64-bit executables that decrypt and run a Meterpreter instance in memory. The use of Meterpreter gives them flexibility and the ability to run various payloads in a stealthy and extensible way. The structure of these components and the integrity checks implemented were identified as TerraLoader (More_eggs) code. That’s why we refer to these components as TerraPreter. | |
Information | <https://www.welivesecurity.com/2020/07/09/more-evil-deep-look-evilnum-toolset/> |
Last change to this tool card: 10 July 2020
Download this tool card in JSON format
Previous: TerraCrypt
Next: TerraRecon
Changed | Name | Country | Observed | ||
APT groups | |||||
Evilnum | [Unknown] | 2018-Aug 2020 | |||
Other groups | |||||
Venom Spider, Golden Chickens | ![]() | 2017-Feb 2019 |
2 groups listed (1 APT, 1 other, 0 unknown)
Thailand Computer Emergency Response Team (ThaiCERT) Follow us on![]() ![]() |
Report incidents |
|
![]() |
+66 (0)2-123-1234 | |
![]() |
report@thaicert.or.th | |
![]() |
Download PGP key |