Rewterz Threat Alert – Lokibot Active- IOCs
May 24, 2021Rewterz Threat Alert – LokiBot Malware – Active IOCs
May 25, 2021Rewterz Threat Alert – Lokibot Active- IOCs
May 24, 2021Rewterz Threat Alert – LokiBot Malware – Active IOCs
May 25, 2021Severity
High
Analysis Summary
APT group Evilnum aka Jointworm has been seen targeting the financial sector with malicious emails. The group first seen in 2018 with the motivation of information theft and espionage has been active recently in an attempt to rob users off their credentials and gaining sensitive information for their gain. The group has primarily targeted fintech organizations based in Israel. These attacks have a possible relationship between Cardinal RAT and another malware family named EVILNUM. EVILNUM is a JavaScript-based malware family that is used in attacks against similar organizations.
Impact
- Information theft and espionage
- Exposure of sensitive data
Indicator of Compromise
Filename
Complaint[.]zip
MD5
8d51e841a947b3c1a6275ba6277653a1
SHA-256
a7051dce028722fbadd198a9fd0481dd800f19b8ea35892d16f5d126d85d7e41
SHA1
b90ae45ba7589acb7679e28be706e9ad168365b0
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Never click on links/attachments sent by unknown senders.