S0284 More_eggs

Platforms: 1 · ATT&CK: 14.1 · References: 6

Description

[More_eggs](https://attack.mitre.org/software/S0284) is a JScript backdoor used by [Cobalt Group](https://attack.mitre.org/groups/G0080) and [FIN6](https://attack.mitre.org/groups/G0037). It is named after the variable "More_eggs" that is present in its code. At least two versions of the backdoor are in use: version 2.0 and version 4.4. (Citation: Talos Cobalt Group July 2018) (Citation: Security Intelligence More Eggs Aug 2019)

Platforms · 1

Windows

Attributed to · 1

| Type | Target | Confidence | Tier |
|------|--------|------------|------|
| Group | FIN6 (g0037) | 100% | live |

References

  1. https://attack.mitre.org/software/S0284
  2. https://blog.talosintelligence.com/2018/07/multiple-cobalt-personality-disorder.html
  3. https://securityintelligence.com/posts/more_eggs-anyone-threat-actor-itg08-strikes-again/
  4. https://www.welivesecurity.com/2020/07/09/more-evil-deep-look-evilnum-toolset/
  5. https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf
  6. https://usa.visa.com/dam/VCOM/global/support-legal/documents/fin6-cybercrime-group-expands-threat-To-ecommerce-merchants.pdf

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  - Software: SpicyOmelette
  - Software: Comnie
  - Software: jRAT
  - Software: JSS Loader
  - Software: RGDoor
  - Software: EVILNUM

Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.