Rewterz Threat Alert – Evilnum APT Group – Active IOCs

Severity

High

Analysis Summary

Evilnum is a financial-motivated APT group that has been active since 2018. This group has been involved in several attacks throughout its brief history while its targets stayed constant. Evilnum has been pursuing financial technology startups and will continue to do so. They have mostly targeted companies in the EU and the United Kingdom, while there have been instances of targets in Canada and Australia. One of the new additions to Evilnum’s arsenal is PyVil RAT, a remote access trojan built-in Python, according to the researchers.

Impact

• Exposure of Sensitive Data
• Information Theft and Espionage

Indicators of Compromise

MD5

• f7673b6855c72b780fdd863d098da693
• fb9a3c2a59c7ff226be7c0518186b8b3
• d1f069c6021aba84d1fa010295312315
• b530f07a762f1564b8e9b03119cd819b
• 919d5caa8dc19df3fee7dd888a6eefe2
• 97dec820bc0f0bc306e3500c70dddb60

SHA-256

• 5aa1109d057e830d6f3faf4b6ff6f69075d158dadb5f46794b3e07685922d09d
• b4d51dda11c811cb1d6da5a108633b0af426b5ed43b8549bf9b74566cf315411
• a0ec772fd0d24ce6e5c8ffd9ec018f3b2463d6d0246d8cb9b8bbbe9230dba330
• 11a86fa02f23ab1cdbe24468b450b0b3968099e2fabfeffb0690a2bf5c3059a8
• 4a4538334b54f9fa5b149030b6d7c13599729514b544340310040cfae743f9eb
• 619409a1f10da8c12d62b64b5d34726bab0e9298a074cf425d575520995dc2fa

SHA-1

• c47e7946412a72958b48620908ad9b6df4409284
• 9ea8ae74a18508c646ec53c436032a97b6808f9f
• 85f3f53c12a8bb7d9525b5d30ec51fdc354c1a21
• 82de1c6ec12c1febfb6dc3bf39ca22b4576d7da3
• 80f910fa706afd9d2d37ff28b7b7b7f1d09fa8af
• 417195867d8e49b98ffcc4cc5570a1a5fd286044

Remediation

• Block all threat indicators at your respective controls.
• Search for IOCs in your environment.