Rewterz

Rewterz Threat Alert – Ryuk Ransomware – Active IOCs

March 8, 2022
Rewterz

Rewterz Threat Alert – Lokibot Malware – Active IOCs

March 8, 2022

Rewterz Threat Alert – Evilnum APT Group – Active IOCs

Severity

High

Analysis Summary

Evilnum is a financial-motivated APT group that has been active since 2018. This group has been involved in several attacks throughout its brief history while its targets stayed constant. Evilnum has been pursuing financial technology startups and will continue to do so. They have mostly targeted companies in the EU and the United Kingdom, while there have been instances of targets in Canada and Australia. One of the new additions to Evilnum’s arsenal is PyVil RAT, a remote access trojan built-in Python, according to the researchers.

Impact

  • Exposure of Sensitive Data
  • Information Theft and Espionage

Indicators of Compromise

MD5

  • f7673b6855c72b780fdd863d098da693
  • fb9a3c2a59c7ff226be7c0518186b8b3
  • d1f069c6021aba84d1fa010295312315
  • b530f07a762f1564b8e9b03119cd819b
  • 919d5caa8dc19df3fee7dd888a6eefe2
  • 97dec820bc0f0bc306e3500c70dddb60

SHA-256

  • 5aa1109d057e830d6f3faf4b6ff6f69075d158dadb5f46794b3e07685922d09d
  • b4d51dda11c811cb1d6da5a108633b0af426b5ed43b8549bf9b74566cf315411
  • a0ec772fd0d24ce6e5c8ffd9ec018f3b2463d6d0246d8cb9b8bbbe9230dba330
  • 11a86fa02f23ab1cdbe24468b450b0b3968099e2fabfeffb0690a2bf5c3059a8
  • 4a4538334b54f9fa5b149030b6d7c13599729514b544340310040cfae743f9eb
  • 619409a1f10da8c12d62b64b5d34726bab0e9298a074cf425d575520995dc2fa

SHA-1

  • c47e7946412a72958b48620908ad9b6df4409284
  • 9ea8ae74a18508c646ec53c436032a97b6808f9f
  • 85f3f53c12a8bb7d9525b5d30ec51fdc354c1a21
  • 82de1c6ec12c1febfb6dc3bf39ca22b4576d7da3
  • 80f910fa706afd9d2d37ff28b7b7b7f1d09fa8af
  • 417195867d8e49b98ffcc4cc5570a1a5fd286044

Remediation

  • Block all threat indicators at your respective controls.
  • Search for IOCs in your environment.

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.