More_eggs (69f202e7-4bc9-4f4f-943f-330c053ae977)

More_eggs is a JScript backdoor used by Cobalt Group and FIN6. Its name was given based on the variable "More_eggs" being present in its code. There are at least two different versions of the backdoor being used, version 2.0 and version 4.4. ^{[Talos Cobalt Group July 2018]}^{[Security Intelligence More Eggs Aug 2019]}

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
More_eggs (69f202e7-4bc9-4f4f-943f-330c053ae977)	Tidal Software	Cobalt Group (58db02e6-d908-47c2-bc82-ed58ada61331)	Tidal Groups	1
More_eggs (69f202e7-4bc9-4f4f-943f-330c053ae977)	Tidal Software	Evilnum (4bdc62c9-af6a-4377-8431-58a6f39235dd)	Tidal Groups	1
More_eggs (69f202e7-4bc9-4f4f-943f-330c053ae977)	Tidal Software	FIN6 (fcaadc12-7c17-4946-a9dc-976ed610854c)	Tidal Groups	1