Evlf: Cypher Rat

It is not uncommon for new RAT families to use obscure naming conventions. If “Cypher Rat Evlf” were a real threat, it might denote an ELF-based (Linux) RAT with encryption features (“Cypher”) and a component named “Evlf.” However, major threat intelligence databases (VirusTotal, MITRE ATT&CK, AnyRun) show zero samples with this string. Therefore, it is .

This public link is valid for 7 days and shares a thread, including any personal information you added. This link or copies made by others cannot be deleted. If you share with third parties, their policies apply. Can’t copy the link right now. Try again later. EVLF DEV-The Creator of CypherRAT and CraxsRAT - cyfirma Cypher Rat Evlf

EVLF’s downfall began when Cyfirma linked his operations to a cryptocurrency wallet. They convinced the wallet provider, Freewallet, to freeze his funds. In a desperate attempt to resolve the freeze, the developer posted on a public cryptocurrency forum, providing researchers with crucial evidence, including his . It is not uncommon for new RAT families