Evilnum | APT Profile

Description

[Evilnum](https://attack.mitre.org/groups/G0120) is a financially motivated threat group that has been active since at least 2018.(Citation: ESET EvilNum July 2020)

Techniques Used (TTPs)

T1497.001 — System Checks (defense-evasion, discovery)
T1219.002 — Remote Desktop Software (command-and-control)
T1539 — Steal Web Session Cookie (credential-access)
T1566.002 — Spearphishing Link (initial-access)
T1548.002 — Bypass User Account Control (privilege-escalation, defense-evasion)
T1070.004 — File Deletion (defense-evasion)
T1574.001 — DLL (persistence, privilege-escalation, defense-evasion)
T1204.001 — Malicious Link (execution)
T1555 — Credentials from Password Stores (credential-access)
T1105 — Ingress Tool Transfer (command-and-control)
T1059.007 — JavaScript (execution)

Total TTPs: 11

Malware & Tools

Malware: EVILNUM, More_eggs

Tools: LaZagne

← Return to Home ← Back to APT Search