Sanctions Be Damned | From Dridex To Macaw, The Evolution of Evil Corp
Archived: 2026-04-05 12:59:18 UTC

Authors: Antonio Pirozzi, Antonis Terefos and Idan Weizman
February 2022
SentinelLABS Research Team

TABLE OF CONTENTS

EXECUTIVE SUMMARY
BACKGROUND
THE EVIL CORP MALWARE LINEAGE
OTHER TOOLSET EXPANSION
MACAW LOCKER RANSOMWARE
CRYPTONE: THE PACKER
INFRASTRUCTURE OVERLAPS
CONCLUSIONS
MITRE ATT&CK TTPS OBSERVED
YARA RULES
INDICATORS OF COMPROMISE [IOCS]
APPENDIX
ABOUT SENTINELLABS

Source: https://assets.sentinelone.com/sentinellabs/sentinellabs_EvilCorp