Rewterz Threat Advisory – Multiple OpenSSL Security Vulnerabilities
March 26, 2021Rewterz Threat Alert – ZLoader using Zoho Docs – IoCs
March 26, 2021Rewterz Threat Advisory – Multiple OpenSSL Security Vulnerabilities
March 26, 2021Rewterz Threat Alert – ZLoader using Zoho Docs – IoCs
March 26, 2021Severity
Medium
Analysis Summary
AZORult is a Trojan stealer that collects various data on infected computers and sends it to the C&C server, including browser history, login credentials, cookies, files from folders as specified by the C&C server (for example, all TXT files from the Desktop folder), cryptowallet files, etc. The malware can also be used as a loader to download other malware.
Impact
- Information theft
- Credential theft
- Exposure of sensitive data
Indicators of Compromise
URL
- http[:]//techregistrationapp[.]xyz/111/index[.]php
- http[:]//zytrox[.]tk/modex/mazx[.]scr
- http[:]//lontor-tv[.]tk/max/index[.]php
- http[:]//weilde[.]at/klein/index[.]php
- http[:]//lexusbiscuit[.]com/OiuBn/index[.]php
- http[:]//45[.]85[.]90[.]188/az1/wuvc/index[.]php
- http[:]//lexusgx[.]tk/prosper/index[.]php
- http[:]//validation[.]wootraining[.]certificacion[.]cl/BvCu/index[.]php
- http[:]//18[.]157[.]168[.]193/index[.]php
- http[:]//crmmanivela[.]com/dd[.]exe
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.