EvilGrab

Malware Profile Updated 24 days ago
Download STIX
Preview STIX
Evilgrab is a type of malicious software designed to exploit and damage computer systems. It can infect a system through suspicious downloads, emails, or websites without the user's knowledge, allowing it to steal personal information, disrupt operations, or even hold data hostage for ransom. In June 2015, Palo Alto Networks reported that the Evilgrab malware had been delivered via a watering hole attack on the President of Myanmar's website. The threat actors signed the 3102 payload with a digital certificate that was also used to sign a 9002 sample with ties to the Evilgrab payload. The domain used as the command-and-control (C2) server in this attack was hosted on the President of Myanmar's website. The 3102 payload used in this attack appears to be related to the Evilgrab payload delivered in the May 2015 watering hole attack on the same website. This suggests that the attackers had been actively targeting the website and its users for some time. The use of a digital certificate to sign these payloads highlights the increasing sophistication of modern cyberattacks and the need for strong security measures to protect against them.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the EvilGrab Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
MITRE
a year ago
Chinese Actors Use ‘3102’ Malware in Attacks on US Government and EU Media