Malware: EVILNUM

Description

[EVILNUM](https://attack.mitre.org/software/S0568) is fully capable backdoor that was first identified in 2018. [EVILNUM](https://attack.mitre.org/software/S0568) is used by the APT group [Evilnum](https://attack.mitre.org/groups/G0120) which has the same name.(Citation: ESET EvilNum July 2020)(Citation: Prevailion EvilNum May 2020)

External References

• mitre-attack
• Prevailion EvilNum May 2020
• ESET EvilNum July 2020

Techniques Used by This Malware

• T1033 — System Owner/User Discovery
• T1041 — Exfiltration Over C2 Channel
• T1047 — Windows Management Instrumentation
• T1070 — Indicator Removal
• T1070.006 — Timestomp
• T1082 — System Information Discovery
• T1102.003 — One-Way Communication
• T1105 — Ingress Tool Transfer
• T1112 — Modify Registry
• T1218.010 — Regsvr32
• T1218.011 — Rundll32
• T1518.001 — Security Software Discovery
• T1539 — Steal Web Session Cookie
• T1547.001 — Registry Run Keys / Startup Folder

APT Groups Using This Malware

• Evilnum