Rewterz Threat Alert – Lokibot Malware – Active IOCs
July 15, 2021Rewterz Threat Advisory – Multiple Palo Alto Security Vulnerabilities
July 15, 2021Rewterz Threat Alert – Lokibot Malware – Active IOCs
July 15, 2021Rewterz Threat Advisory – Multiple Palo Alto Security Vulnerabilities
July 15, 2021Severity
Medium
Analysis Summary
AZORult is a payment card and credential information stealer. It was sold on Russian underground forums as a means to collect sensitive information from infected systems. The malware is also able to steal cookies, browsing history, cryptocurrency, and ID/passwords. Exploits such as phishing emails and Fallout Exploit Kit (EK) paired with social engineering techniques are major infection vectors of the AZORult malware. The malware can also be used as a loader to download other malware.
Impact
- Information Theft
- Credential Theft
- Exposure of Sensitive Data
Indicators of Compromise
MD5
- 8e465e29c78f2a541ac6462e0996f897
- d069fbe2f5e12b69c4a2e96060f320d7
- ea9cda1e4ad51d198d4267e810cc3ac0
- c52399bf41e20558230a4703dce2d0fb
SHA-256
- a3edc85105ebe8d0f51065f927cedce275bdf8348fb95679cbdb11647aeaa447
- 71ef4854c796a9a11c39f25f4c3bc5bd49b53d3592c5ba64db49cdcdc13f8e20
- ba2f0c99b62a1f3bd1e0318021bcffb683914690924f21bd638fe1ce98c5cfea
- 8fa025cfc6d8fad85c147327cb969aa672396d163c8b6950ff83e4589195dfa1
SHA1
- 558c3ec50f7fe769e3206e7ace6a2a0facef7abf
- 4880cdaec5b612df863082221e45ca52572125d3
- 3ae31a6fa364586ee707f978ed3d6ead5e2d61f9
- a1c0b6051335ae80b4d465055da9550011de135f
URL
- http[:]//37[.]0[.]11[.]128/index[.]php
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.