Rewterz Threat Alert – Trickbot Malware – Active IOCs
July 13, 2021
Severity
Medium
Analysis Summary
The APT group Evilnum, also known as Jointworm, has been observed targeting the financial sector with malicious emails. First seen in 2018 and motivated by information theft and espionage, the group has recently been active in attempts to steal users' credentials and obtain sensitive information. Its primary targets have been fintech organizations based in Israel. The attacks suggest a possible relationship between Cardinal RAT and another malware family named EVILNUM, a JavaScript-based malware family used in attacks against similar organizations.
Impact
- Information theft and espionage
- Exposure of sensitive data
Indicators of Compromise
Filename
- ComplianceSCANS_273F7BE2[.]zip
- DoublesidePassport[.]jpg[.]lnk
MD5
- 04d9c818a70686842e275d1698cd9a65
- 041cc53c6152bc5ac0ada6fb7cb12bb4
SHA-256
- 355cb89d112806bc58bfcd3a7631357f97506788125252ff835bbac9fe47b9ad
- b60ae30ba90f852f886bb4e9aaabe910add2b70278e3a88a3b7968f644e10554
SHA-1
- b659cd45b84a309f87ded68a4b4f7e0216ce01eb
- 4db1413ced5d050a27aeb9ebae40fe8e65198b7b
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Never click on links/attachments sent by unknown senders.
- Search for IOCs in your environment.
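Added example, not part of the advisory: a small Python sweep that normalises the indicators listed above (refanging the "[.]" filenames, lower-casing digests), computes all three digest types per file in one read, and reports filename or hash hits. Directory paths and sample bytes are constructed for illustration.

```python
import hashlib
import os

# Indicators published in this advisory, defanged with "[.]" as on the page.
ADVISORY_IOCS = {
    "filename": {"ComplianceSCANS_273F7BE2[.]zip", "DoublesidePassport[.]jpg[.]lnk"},
    "md5": {"04d9c818a70686842e275d1698cd9a65", "041cc53c6152bc5ac0ada6fb7cb12bb4"},
    "sha1": {"b659cd45b84a309f87ded68a4b4f7e0216ce01eb", "4db1413ced5d050a27aeb9ebae40fe8e65198b7b"},
    "sha256": {"355cb89d112806bc58bfcd3a7631357f97506788125252ff835bbac9fe47b9ad", "b60ae30ba90f852f886bb4e9aaabe910add2b70278e3a88a3b7968f644e10554"},
}
HASH_KINDS = ("md5", "sha1", "sha256")


def build_index(iocs: dict) -> dict:
    """Normalise an IOC table: refang 'name[.]ext' filenames and lower-case everything."""
    index = {"filename": {v.replace("[.]", ".").lower() for v in iocs.get("filename", ())}}
    for kind in HASH_KINDS:
        index[kind] = {v.lower() for v in iocs.get(kind, ())}
    return index


def hashes_of(data: bytes) -> dict:
    """Compute the three digest types the advisory lists for one file's bytes."""
    return {kind: hashlib.new(kind, data).hexdigest() for kind in HASH_KINDS}


def match_indicators(name: str, data: bytes, index: dict) -> list:
    """Return every (indicator_type, value) pair that this file matches."""
    hits = []
    if name.lower() in index["filename"]:
        hits.append(("filename", name.lower()))
    for kind, digest in hashes_of(data).items():
        if digest in index[kind]:
            hits.append((kind, digest))
    return hits


def scan_directory(root: str, index: dict) -> list:
    """Walk a directory tree and report (path, indicator_type, value) for each hit."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            path = os.path.join(dirpath, fn)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable files are skipped rather than aborting the sweep
            findings.extend((path, kind, value) for kind, value in match_indicators(fn, data, index))
    return findings
```

A filename hit alone is weak evidence (the lure names are easily reused), so confirm with a hash match or with the file's origin before acting on it.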