Evilnum APT returns with updated TTPs and New Targets
WHITE AlienVault 2022-06-29 Modified: 2022-06-29
Researchers identified several instances of the group's low-volume targeted attack campaigns launched against the UK and Europe. In earlier campaigns observed in 2021, the main distribution vector used by this threat group was Windows Shortcut files (LNK) sent inside malicious archive files (ZIP) as email attachments in spear phishing emails to the victims. In the most recent instances, the threat actor has started using MS Office Word documents, leveraging document template injection to deliver the malicious payload to the victims’ machines.
Indicators of Compromise (4 / 55 total)
| TYPE | INDICATOR | DESCRIPTION | CREATED |
| FileHash-SHA1 | 49b65b553ad506ce6fb20b84468a543208aa0691 | SHA1 of 61776b209b01d62565e148585fda1954 | 2022-06-29 |
| FileHash-SHA1 | 7ebcc05d39ff25ad7814ed2ad081b7e8ec5a5003 | SHA1 of 6d329140fb53a3078666e17c249ce112 | 2022-06-29 |
| FileHash-SHA1 | 9172ef18ad1d0e5aa0e947321dbd2ed38bd7755d | SHA1 of 4406d7271b00328218723b0a89fb953b | 2022-06-29 |
| FileHash-SHA1 | 9d692fc1ee6ea146d70d6bb307e3c0fed6c5bd24 | SHA1 of db0866289dfded1174941880af94296f | 2022-06-29 |