Evilnum
Techniques Used

Domain | ID | Name | Use |
---|---|---|---|
Enterprise | T1548.002 | Abuse Elevation Control Mechanism: Bypass User Account Control | Evilnum has used PowerShell to bypass UAC.(Citation: ESET EvilNum July 2020) |
Enterprise | T1059.007 | Command and Scripting Interpreter: JavaScript | Evilnum has used malicious JavaScript files on the victim's machine.(Citation: ESET EvilNum July 2020) |
Enterprise | T1574.001 | Hijack Execution Flow: DLL Search Order Hijacking | Evilnum has used the malware variant, TerraTV, to load a malicious DLL placed in the TeamViewer directory, instead of the original Windows DLL located in a system folder.(Citation: ESET EvilNum July 2020) |
Enterprise | T1070.004 | Indicator Removal: File Deletion | Evilnum has deleted files used during infection.(Citation: ESET EvilNum July 2020) |
Enterprise | T1566.002 | Phishing: Spearphishing Link | Evilnum has sent spearphishing emails containing a link to a zip file hosted on Google Drive.(Citation: ESET EvilNum July 2020) |
Enterprise | T1204.001 | User Execution: Malicious Link | Evilnum has sent spearphishing emails designed to trick the recipient into opening malicious shortcut links which download a .LNK file.(Citation: ESET EvilNum July 2020) |
Enterprise | T1497.001 | Virtualization/Sandbox Evasion: System Checks | Evilnum has used a component called TerraLoader to check certain hardware and file information to detect sandboxed environments.(Citation: ESET EvilNum July 2020) |