← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Evilnum APT returns with updated TTPs and New Targets
WHITE AlienVault 2022-06-29 Modified: 2022-06-29
55
IOCs
HIGH VOLUME
Researchers identified several instances of their low-volume targeted attack campaigns launched against the UK and Europe. In earlier campaigns observed in 2021, the main distribution vector used by this threat group was Windows Shortcut files (LNK) sent inside malicious archive files (ZIP) as email attachments in spear phishing emails to the victims. In the most recent instances, the threat actor has started using MS Office Word documents, leveraging document template injection to deliver the malicious payload to the victims’ machines.
evilnumaptmalicious documentsjavascriptvba macro
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
Indicators of Compromise (11 / 55 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 0b4f0ead0482582f7a98362dbf18c219 2022-06-29
FileHash-MD5 4406d7271b00328218723b0a89fb953b 2022-06-29
FileHash-MD5 51425c9bbb9ff872db45b2c1c3ca0854 2022-06-29
FileHash-MD5 61776b209b01d62565e148585fda1954 2022-06-29
FileHash-MD5 63090a9d67ce9534126cfa70716d735f 2022-06-29
FileHash-MD5 6d329140fb53a3078666e17c249ce112 2022-06-29
FileHash-MD5 79157a3117b8d64571f60fe62c19bf17 2022-06-29
FileHash-MD5 db0866289dfded1174941880af94296f 2022-06-29
FileHash-MD5 ea71fcc615025214b2893610cfab19e9 2022-06-29
FileHash-MD5 f0d3cff26b419aff4acfede637f6d3a2 2022-06-29
FileHash-MD5 f5f9ba063e3fee25e0a298c0e108e2d4 2022-06-29
References (1)
↗ https://www.zscaler.com/blogs/security-research/return-evilnum-apt-updated-ttps-and-new-targets