evilginx2
MITRE
| Malware Type: | Tool |
| First seen: | Unknown |
| Last seen: | Unknown |
Details:
[evilginx2](https://attack.mitre.org/software/S9003) is an open-source adversary-in-the-middle (AiTM) attack framework based on the open-source nginx web server. [evilginx2](https://attack.mitre.org/software/S9003) can be used as a reverse proxy between victims and legitimate web services to intercept and capture credentials, authentication tokens, and session cookies.(Citation: Evilginx 2 July 2018)(Citation: Breakdev Evilginx 2.1 SEP 2018)(Citation: Sophos Evilginx MAR 2025)
Associated Techniques (14)
| ID | ATT&CK | Tactics |
|---|---|---|
| T1001 | Data Obfuscation | - |
| T1016 | System Network Configuration Discovery | - |
| T1059.007 | JavaScript | - |
| T1071.001 | Web Protocols | - |
| T1090.002 | External Proxy | - |
| T1111 | Multi-Factor Authentication Interception | - |
| T1132 | Data Encoding | - |
| T1185 | Browser Session Hijacking | - |
| T1480 | Execution Guardrails | - |
| T1497.003 | Time Based Checks | - |
| T1539 | Steal Web Session Cookie | - |
| T1553.004 | Install Root Certificate | - |
| T1557 | Adversary-in-the-Middle | - |
| T1598.003 | Spearphishing Link | - |
Metadata
| ID: | 164807 |
| Created: | 28/04/2026 16:00 |
| Updated: | 10/05/2026 04:00 |