
Rewterz Threat Alert – Evilnum APT Group – Active IOCs

July 9, 2022

Severity

High

Analysis Summary

The APT group Evilnum, also known as Jointworm, has been seen targeting the financial sector with malicious emails. First observed in 2018 and motivated by information theft and espionage, the group has recently been active in attempts to steal users' credentials and obtain sensitive information. Evilnum has mostly targeted the FinTech (financial services) sector, particularly firms in the UK and Europe that deal with trading and compliance. In March 2022, however, the group also targeted intergovernmental organizations that provide assistance related to international migration.
EVILNUM is also the name of the group's JavaScript-based malware family. In recent campaigns a heavily obfuscated JavaScript file was used to decrypt and drop the payloads. Compared with the versions used previously by the Evilnum APT, this JavaScript shows significant improvements in its obfuscation technique.

According to researchers, the group registered several domain names built around keywords related to the industry vertical targeted in each new instance of the campaign; the travel- and booking-themed domains in the indicator list below are consistent with this lure strategy.

Impact

  • Exposure of Sensitive Data
  • Information Theft and Espionage

Indicators of Compromise

Domain Name

  • mailservice-ns[.]com
  • advertbart[.]com
  • inetp-service[.]com
  • yomangaw[.]com
  • covdd[.]org
  • visitaustriaislands[.]com
  • traveladvnow[.]com
  • tripadvit[.]com
  • moreofestonia[.]com
  • moretraveladv[.]com
  • estoniaforall[.]com
  • bookingitnow[.]org
  • travelbooknow[.]org
  • bookaustriavisit[.]com
  • windnetap[.]com
  • roblexmeet[.]com
  • netrcmapi[.]com
  • meetomoves[.]com

MD5

  • 63090a9d67ce9534126cfa70716d735f
  • f5f9ba063e3fee25e0a298c0e108e2d4

SHA-256

  • 16d85f275aa0ce37b23f0b3c31723ae9157d6858a468737b72da8358fd8dd4f9
  • 598a2a4ca29cfefad69ea02d465c8ce5254b99ed59f90e1924d210b0772dc2c0

SHA-1

  • 7fd599e780f097fc2fe6a12a2206c817f273e0f3
  • e893fee54452c0203ef05551122abb669723d463

Remediation

  • Search for the IOCs listed above in your environment: the domains in DNS, proxy and firewall logs, and the file hashes in EDR telemetry and file inventories. Match domains label-wise so that subdomains of an indicator are caught without false positives on names that merely contain it as a substring.
  • Block all threat indicators at their respective controls: sinkhole or deny the domains at DNS and web proxy, and block the file hashes in EDR and antivirus.
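The following is an added example, not Rewterz tooling and not part of the original advisory. It takes the domains and hashes published above, refangs the domains, hunts them in a constructed BIND-style DNS query log and a constructed (path, hash) inventory, and emits DNS RPZ records to block the domains. The log line format, the inventory layout and all sample entries are assumptions made for the demonstration.

```python
"""Hunt the Evilnum IOCs from the advisory above and emit blocking rules.

Added example. The DNS log format (BIND query log), the inventory layout
and every sample line below are constructed for the demo, not real data.
"""
import re

# Domains exactly as published in the advisory (defanged with [.]).
EVILNUM_DOMAINS = [
    "mailservice-ns[.]com", "advertbart[.]com", "inetp-service[.]com",
    "yomangaw[.]com", "covdd[.]org", "visitaustriaislands[.]com",
    "traveladvnow[.]com", "tripadvit[.]com", "moreofestonia[.]com",
    "moretraveladv[.]com", "estoniaforall[.]com", "bookingitnow[.]org",
    "travelbooknow[.]org", "bookaustriavisit[.]com", "windnetap[.]com",
    "roblexmeet[.]com", "netrcmapi[.]com", "meetomoves[.]com",
]

# MD5, SHA-1 and SHA-256 values from the advisory, compared case-insensitively.
EVILNUM_HASHES = {h.lower() for h in [
    "63090a9d67ce9534126cfa70716d735f",
    "f5f9ba063e3fee25e0a298c0e108e2d4",
    "7fd599e780f097fc2fe6a12a2206c817f273e0f3",
    "e893fee54452c0203ef05551122abb669723d463",
    "16d85f275aa0ce37b23f0b3c31723ae9157d6858a468737b72da8358fd8dd4f9",
    "598a2a4ca29cfefad69ea02d465c8ce5254b99ed59f90e1924d210b0772dc2c0",
]}


def refang(ioc: str) -> str:
    """Turn a defanged indicator ('covdd[.]org') back into a live one."""
    return ioc.replace("[.]", ".").lower()


DOMAIN_SET = {refang(d) for d in EVILNUM_DOMAINS}


def domain_matches(hostname: str) -> bool:
    """True if hostname is an IOC domain or any subdomain of one.

    Comparing whole labels avoids the substring false positive:
    'notcovdd.org' must not match 'covdd.org', but 'cdn.covdd.org' must.
    """
    labels = hostname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in DOMAIN_SET for i in range(len(labels)))


# Constructed BIND-style query log lines (assumption: not real traffic).
SAMPLE_DNS_LOG = [
    "09-Jul-2022 10:01:02.115 client 10.0.0.5#53211: query: www.example.com IN A +",
    "09-Jul-2022 10:01:03.201 client 10.0.0.7#41022: query: tripadvit.com IN A +",
    "09-Jul-2022 10:01:04.330 client 10.0.0.7#41023: query: cdn.covdd.org IN A +",
    "09-Jul-2022 10:01:05.009 client 10.0.0.9#50001: query: notcovdd.org IN A +",
]

QUERY_RE = re.compile(r"query:\s+(\S+)\s+IN\s+")


def scan_dns_log(lines):
    """Return (line_no, queried_name) for every query that hits an IOC domain."""
    hits = []
    for n, line in enumerate(lines, start=1):
        m = QUERY_RE.search(line)
        if m and domain_matches(m.group(1)):
            hits.append((n, m.group(1)))
    return hits


# Constructed (path, hash) pairs standing in for an EDR or inventory export.
SAMPLE_INVENTORY = [
    ("C:\\Windows\\System32\\notepad.exe", "d41d8cd98f00b204e9800998ecf8427e"),
    ("C:\\Users\\a\\AppData\\Local\\Temp\\x.js", "F5F9BA063E3FEE25E0A298C0E108E2D4"),
    ("C:\\Users\\b\\Downloads\\report.js",
     "598a2a4ca29cfefad69ea02d465c8ce5254b99ed59f90e1924d210b0772dc2c0"),
]


def scan_hash_inventory(records):
    """Return (path, hash) pairs whose hash is an advisory IOC, any algorithm."""
    return [(path, h) for path, h in records if h.lower() in EVILNUM_HASHES]


def rpz_records(domains=EVILNUM_DOMAINS):
    """Emit DNS RPZ records that NXDOMAIN each IOC domain and its subdomains."""
    out = []
    for d in sorted(refang(x) for x in domains):
        out.append(f"{d} CNAME .")      # 'CNAME .' is the RPZ NXDOMAIN action
        out.append(f"*.{d} CNAME .")    # wildcard covers subdomains
    return out


if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_DNS_LOG):
        print("DNS hit:", hit)
    for hit in scan_hash_inventory(SAMPLE_INVENTORY):
        print("Hash hit:", hit)
    print("\n".join(rpz_records()))
```

Hash matching is deliberately algorithm-agnostic (one set holds MD5, SHA-1 and SHA-256) because inventory exports rarely tell you which digest a column carries; the wildcard RPZ line is what catches a fresh subdomain the actor stands up under an already-known apex.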
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.