Names | Evilnum Marvel
Category | Malware
Type | Loader, Backdoor
Description | (ESET) This component communicates with a C&C server and acts as a backdoor without the need for any additional program. However, in most attacks that we have seen, the attackers deployed additional components as they saw fit and used the JS malware only as a first stage. The first known mention of this JavaScript malware was in May 2018 in this pwncode article.
Information | <https://www.welivesecurity.com/2020/07/09/more-evil-deep-look-evilnum-toolset/> <http://www.pwncode.io/2018/05/javascript-based-bot-using-github-c.html> <https://blog.prevailion.com/2020/05/phantom-in-command-shell5.html> <https://securelist.com/deathstalker-mercenary-triumvirate/98177/>
Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/js.evilnum> <https://malpedia.caad.fkie.fraunhofer.de/details/win.evilnum>
AlienVault OTX | <https://otx.alienvault.com/browse/pulses?q=tag:evilnum>
Last change to this tool card: 27 August 2020
Changed | Name | Country | Observed
APT groups
Evilnum | [Unknown] | 2018-Aug 2020
Other groups
Deceptikons, DeathStalker | [Unknown] | 2012-May 2020
2 groups listed (1 APT, 1 other, 0 unknown)
Thailand Computer Emergency Response Team (ThaiCERT)