Severity
Medium
Analysis Summary
Active IoCs have been retrieved linked to the Azorult malware, that target and infect victims with the Azorult stealer. AZORult is a Trojan stealer that collects various data on infected computers and sends it to the C&C server, including browser history, login credentials, cookies, files from folders as specified by the C&C server (for example, all TXT files from the Desktop folder), cryptowallet files, etc.
Impact
- Credential Theft
- Exposure of sensitive information
Indicators of Compromise
URL
- http[:]//wjnigh[.]myzen[.]co[.]uk/azo2/PL341/index[.]php
- http[:]//esdemaayekkabi[.]xyz/e/index[.]php
- http[:]//destrong[.]xyz/des/index[.]php
- http[:]//daimnler[.]xyz/des/index[.]php
- http[:]//mkontakt[.]az/nkem[.]exe
- http[:]//favfav[.]xyz/fav/index[.]php
- http[:]//216[.]170[.]114[.]70/regasm/chrome[.]exe
- http[:]//rogatech[.]gq/endy/index[.]php
- http[:]//45[.]79[.]153[.]245/index[.]php
- http[:]//18[.]184[.]52[.]107/index[.]php
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.