Evilnum APT returns with updated TTPs and New Targets
WHITE AlienVault 2022-06-29 Modified: 2022-06-29
Researchers identified several instances of the Evilnum group's low-volume targeted attack campaigns launched against the UK and Europe. In earlier campaigns observed in 2021, the group's main distribution vector was Windows Shortcut (LNK) files packed inside malicious ZIP archives and sent as attachments in spear-phishing emails. In the most recent instances, the threat actor has started using MS Office Word documents, leveraging document template injection to deliver the malicious payload to the victims’ machines.
Indicators of Compromise (55)