March 20, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Alert –ServHelper Backdoor – Active IOCs
August 16, 2021Rewterz Threat Alert – DanaBot Trojan – Active IOCs
August 16, 2021Rewterz Threat Alert –ServHelper Backdoor – Active IOCs
August 16, 2021Rewterz Threat Alert – DanaBot Trojan – Active IOCs
August 16, 2021
Severity
High
Analysis Summary
APT group Evilnum aka Jointworm has been seen targeting the financial sector with malicious emails. The group first seen in 2018 with the motivation of information theft and espionage has been active recently in an attempt to rob users of their credentials and gaining sensitive information for their gain. The group has primarily targeted fintech organizations based in Israel. These attacks have a possible relationship between Cardinal RAT and another malware family named EVILNUM. EVILNUM is a JavaScript-based malware family that is used in attacks against similar organizations.
Impact
- Exposure of Sensitive Data
- Information Theft and Espionage
Indicators of Compromise
Filename
- SelfiePassport2505[.]jpg[.]lnk
MD5
- 984a7a5f67eddd64dfd538797018feb2
SHA-256
- 4902274cd09e93ceefb022aa1e9d4b5de4a855be5b518f25c79a76f185969e22
SHA-1
- 5dd7eb1d98780da7935d2c2b52708e4875316180
URL
- http[:]//apintoative[.]com/get[.]php
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Never click on links/attachments sent by unknown senders.
- Search for IOCs in your environment.