Rewterz Threat Advisory – Multiple Mozilla Firefox Vulnerabilities
June 2, 2021Rewterz Threat Alert – Agent Tesla Malware – Active IOCs
June 2, 2021Rewterz Threat Advisory – Multiple Mozilla Firefox Vulnerabilities
June 2, 2021Rewterz Threat Alert – Agent Tesla Malware – Active IOCs
June 2, 2021Severity
High
Analysis Summary
APT group Evilnum aka Jointworm has been seen targeting the financial sector with malicious emails. The group first seen in 2018 with the motivation of information theft and espionage has been active recently in an attempt to rob users of their credentials and gaining sensitive information for their gain. The group has primarily targeted fintech organizations based in Israel. These attacks have a possible relationship between Cardinal RAT and another malware family named EVILNUM. EVILNUM is a JavaScript-based malware family that is used in attacks against similar organizations.
Impact
- Information theft and espionage
- Exposure of sensitive data
Indicators of Compromise
Filename
- Docs010621[.] zip
- SelfiePassport291[.]jpg[.]lnk
MD5
- 04918bae6c83b6307b9c6c2018da6991
SHA-256
- bc203f44b48c9136786891be153311c37ce74ceb7eb540d515032c152f5eb2fb
SHA1
- ea84ed5ccf0b5f17304de239ca24396f25f328e8
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Never click on links/attachments sent by unknown senders.