EYService

Description

(Epic Turla) The main functionality orchestrating the different subcomponents is contained within Data.bin, later renamed to ‘svchost.exe’. The orchestrator takes 17 different three-digit codes to divert functionality within a giant switch statement. Some of the codes have not been fully implemented up to the latest samples I’ve found so far, which further suggests a continued developmental effort.

Names

Name
EYService

Category

Malware

Type

  • Backdoor

Information

Malpedia

Other Information

Uuid

d1357aaf-4d8d-4164-a083-7c706e00fcbe

Last Card Change

2021-04-24