G0120 · 11 ATT&CK techniques · 0 correlated reports

Evilnum

Aliases: None listed

Evilnum is a financially motivated threat group that has been active since at least 2018.

Open interactive actor investigation

ATT&CK techniques

T1497.001
System ChecksT1219
Remote Access SoftwareT1539
Steal Web Session CookieT1566.002
Spearphishing LinkT1548.002
Bypass User Account ControlT1070.004
File DeletionT1574.001
DLL Search Order HijackingT1204.001
Malicious LinkT1555
Credentials from Password StoresT1105
Ingress Tool TransferT1059.007
JavaScript

Correlated CTI and IR reports

Continue the investigation

Interactive ThreatMapper ThreatMapper documentation CTI Analyst Field Manual Israel Threat Actors CTI Anomaly Detection Atlas ITDR Handbook 1200km Medium research