NEW: Group Profiler — instant APT intel lookup. Try it →

← threatfilter.dev / all groups / Evilnum

Evilnum

G0120 MITRE ATT&CK →

Overview

Evilnum is a financially motivated threat group that has been active since at least 2018.

TTPs — 11 techniques across 6 tactics

Initial Access

T1566.002 Spearphishing Link

Execution

T1059.007 JavaScript
T1204.001 Malicious Link

Privilege Escalation

T1548.002 Bypass User Account Control

Stealth

T1070.004 File Deletion
T1497.001 System Checks
T1574.001 DLL

Credential Access

T1539 Steal Web Session Cookie
T1555 Credentials from Password Stores

Command and Control

T1105 Ingress Tool Transfer
T1219.002 Remote Desktop Software

Tools & malware (3)

More_eggs · EVILNUM · LaZagne

Reporting (1)

More evil: A deep look at Evilnum and its toolset — Porolli, M