Rewterz Threat Alert – Evilnum APT Group

Rewterz Threat Alert – Ryuk Ransomware – Active IOCs

March 8, 2022

Rewterz Threat Alert – Lokibot Malware – Active IOCs

March 8, 2022

Rewterz Threat Alert – Evilnum APT Group – Active IOCs

Severity

High

Analysis Summary

Evilnum is a financial-motivated APT group that has been active since 2018. This group has been involved in several attacks throughout its brief history while its targets stayed constant. Evilnum has been pursuing financial technology startups and will continue to do so. They have mostly targeted companies in the EU and the United Kingdom, while there have been instances of targets in Canada and Australia. One of the new additions to Evilnum’s arsenal is PyVil RAT, a remote access trojan built-in Python, according to the researchers.

Impact

Exposure of Sensitive Data
Information Theft and Espionage

Indicators of Compromise

MD5

f7673b6855c72b780fdd863d098da693
fb9a3c2a59c7ff226be7c0518186b8b3
d1f069c6021aba84d1fa010295312315
b530f07a762f1564b8e9b03119cd819b
919d5caa8dc19df3fee7dd888a6eefe2
97dec820bc0f0bc306e3500c70dddb60

SHA-256

5aa1109d057e830d6f3faf4b6ff6f69075d158dadb5f46794b3e07685922d09d
b4d51dda11c811cb1d6da5a108633b0af426b5ed43b8549bf9b74566cf315411
a0ec772fd0d24ce6e5c8ffd9ec018f3b2463d6d0246d8cb9b8bbbe9230dba330
11a86fa02f23ab1cdbe24468b450b0b3968099e2fabfeffb0690a2bf5c3059a8
4a4538334b54f9fa5b149030b6d7c13599729514b544340310040cfae743f9eb
619409a1f10da8c12d62b64b5d34726bab0e9298a074cf425d575520995dc2fa

SHA-1

c47e7946412a72958b48620908ad9b6df4409284
9ea8ae74a18508c646ec53c436032a97b6808f9f
85f3f53c12a8bb7d9525b5d30ec51fdc354c1a21
82de1c6ec12c1febfb6dc3bf39ca22b4576d7da3
80f910fa706afd9d2d37ff28b7b7b7f1d09fa8af
417195867d8e49b98ffcc4cc5570a1a5fd286044

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment.