EvilBunny

Description

(Infosec Institute) EvilBunny is written in C++ and is able to detect installed antivirus and other defensive solutions. It includes a Lua 5.1 interpreter, which allows the spyware to execute Lua scripts and change its behavior at runtime.

The experts discovered that EvilBunny is able to receive commands from the C&C server in at least three different ways: via HTTP, through a downloaded database file, or as a scheduled task.

The EvilBunny malware was initially delivered through a malicious PDF document exploiting CVE-2011-4369. Once the target is compromised, the malware is loaded onto the system and infects the PC with EvilBunny malware.

Names

Name
EvilBunny

Category

Malware

Type

  • Backdoor

Information

Mitre Attack

Malpedia

Other Information

Uuid

dbcec021-bbde-487d-85e3-684c4fb7e9bb

Last Card Change

2020-05-13