Rewterz Threat Advisory – Multiple security vulnerabilities in VMware Products
May 29, 2020Rewterz Threat Advisory – CVE-2020-4306 – IBM Planning Analytics Local Cross-Site Scripting Vulnerability
June 1, 2020Rewterz Threat Advisory – Multiple security vulnerabilities in VMware Products
May 29, 2020Rewterz Threat Advisory – CVE-2020-4306 – IBM Planning Analytics Local Cross-Site Scripting Vulnerability
June 1, 2020Severity
Medium
Analysis Summary
AZORult is a Trojan stealer that collects various data on infected computers and sends it to the C&C server, including browser history, login credentials, cookies, files from folders as specified by the C&C server (for example, all TXT files from the Desktop folder), cryptowallet files, etc.
The malware can also be used as a loader to download other malware.
Impact
- Information theft
- Credential theft
- Exposure of sensitive data
Indicators of Compromise
URL
- http[:]//polosatik[.]site/612[.]exe
- http[:]//ffvgdsv[.]ug/az2[.]exe
- https[:]//tenntechs[.]com/apps/index[.]php
- http[:]//ffacscs[.]ug/nw[.]exe
- http[:]//34[.]107[.]4[.]68/gate/sqlite3[.]dll
- http[:]//34[.]107[.]4[.]68
- http[:]//34[.]107[.]4[.]68/gate/libs[.]zip
Remediation
- Block all threat indicators at your respective controls.
- Search for IOC’s in your environment