Rewterz Threat Alert
September 14, 2021
Severity
High
Analysis Summary
AZORult is a payment card and credential information stealer. It was sold on Russian underground forums as a means to collect sensitive information from infected systems. The malware is also able to steal cookies, browsing history, cryptocurrency wallets, and IDs and passwords. Phishing emails and the Fallout Exploit Kit (EK), paired with social engineering techniques, are the major infection vectors of AZORult. The malware can also be used as a loader to download other malware.
Impact
- Information Theft
- Credential Theft
- Exposure of Sensitive Data
Indicators of Compromise
MD5
- 0c0465e72513edbb662407a4b1fe127e
- 2787bb2d1ab223f8ac2692f3a8fd85fc
- 788b4e08c4e938a42e293e28fb9e094a
- c3072add527e51f8c18cdde988cb2f1a
SHA-256
- 8764b673268c50c93a845e89b84fe3d7e420807c049106bad73250799f04d5ec
- 952e3e059251cd41e3c67006c5aa4b75fe3e6b0f18d96554b2d60d4ccfb78cb4
- baad4799f2c076b17cbfdbf41f430af17daaa4236d75115d6f54d72f21453e61
- 683d63c5bb1373524d9bc2e29ffd3601c5b35be4a6390555a45fb06a545863d3
SHA-1
- 22cd40ee90bcd9eaa5805d063b8aa27779106e87
- dc34ee4e46ddea333cdc90e4aad7589cb8ee1ea0
- cfb8aa33773277d8ad0f67f1a33eea9ed66e8dea
- 23090de264a4cb6ff029af39da31015e150296f7
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
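The second remediation step, searching your environment for these indicators, comes down to hashing files and comparing the digests against the MD5, SHA-1 and SHA-256 lists above. The script below is an added example written for this alert, not Rewterz tooling: it parses the indicator list as printed here (duplicate entries collapse), hashes every file under a directory once with all three algorithms, and reports matches. The files in `demo_scan` are constructed samples, and the extra SHA-256 added there is a hypothetical indicator so that the example shows both a miss and a hit.

```python
"""Hash-based IOC sweep for the AZORult indicators listed in the alert."""
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, Iterable, List, Set, Tuple

# Indicators transcribed from the alert; the parser stores them in sets,
# so repeated entries are collapsed automatically.
IOC_TEXT = """
MD5
- 0c0465e72513edbb662407a4b1fe127e
- 2787bb2d1ab223f8ac2692f3a8fd85fc
- 788b4e08c4e938a42e293e28fb9e094a
- c3072add527e51f8c18cdde988cb2f1a
SHA-256
- 8764b673268c50c93a845e89b84fe3d7e420807c049106bad73250799f04d5ec
- 952e3e059251cd41e3c67006c5aa4b75fe3e6b0f18d96554b2d60d4ccfb78cb4
- baad4799f2c076b17cbfdbf41f430af17daaa4236d75115d6f54d72f21453e61
- 683d63c5bb1373524d9bc2e29ffd3601c5b35be4a6390555a45fb06a545863d3
SHA-1
- 22cd40ee90bcd9eaa5805d063b8aa27779106e87
- dc34ee4e46ddea333cdc90e4aad7589cb8ee1ea0
- cfb8aa33773277d8ad0f67f1a33eea9ed66e8dea
- 23090de264a4cb6ff029af39da31015e150296f7
"""

# Header text as printed in the alert -> hashlib algorithm name.
ALGOS = {"md5": "md5", "sha-1": "sha1", "sha-256": "sha256"}
HEX_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64}


def load_iocs(text: str) -> Dict[str, Set[str]]:
    """Parse 'MD5' / 'SHA-1' / 'SHA-256' headers followed by hash lines."""
    iocs: Dict[str, Set[str]] = {name: set() for name in ALGOS.values()}
    current = None
    for raw in text.splitlines():
        line = raw.strip().lstrip("- ").lower()
        if not line:
            continue
        if line in ALGOS:
            current = ALGOS[line]
        elif current and len(line) == HEX_LENGTHS[current] \
                and all(c in "0123456789abcdef" for c in line):
            iocs[current].add(line)
    return iocs


def hash_file(path: Path, chunk: int = 1 << 20) -> Dict[str, str]:
    """Read the file once and feed every block to all three hashers."""
    hashers = {name: hashlib.new(name) for name in ALGOS.values()}
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def scan(paths: Iterable[Path], iocs: Dict[str, Set[str]]) -> List[Tuple[Path, str, str]]:
    """Return (path, algorithm, digest) for every file whose hash is an IOC."""
    hits: List[Tuple[Path, str, str]] = []
    for path in paths:
        if not path.is_file():
            continue
        for algo, digest in hash_file(path).items():
            if digest in iocs.get(algo, set()):
                hits.append((path, algo, digest))
    return hits


def scan_tree(root: Path, iocs: Dict[str, Set[str]]) -> List[Tuple[Path, str, str]]:
    """Sweep a directory tree recursively."""
    return scan(root.rglob("*"), iocs)


def demo_scan() -> List[Tuple[str, str]]:
    """Constructed sample run: one benign file, one file whose SHA-256 is
    added as a hypothetical extra indicator. Returns (filename, algorithm)."""
    iocs = load_iocs(IOC_TEXT)
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "notes.txt").write_bytes(b"quarterly report draft\n")  # constructed
        suspect = root / "invoice.exe"
        suspect.write_bytes(b"constructed sample, not real malware\n")  # constructed
        extended = {algo: set(values) for algo, values in iocs.items()}
        extended["sha256"].add(hashlib.sha256(suspect.read_bytes()).hexdigest())
        return [(p.name, algo) for p, algo, _ in scan_tree(root, extended)]


if __name__ == "__main__":
    for name, algo in demo_scan():
        print(f"IOC match: {name} ({algo})")
```

In production you would point `scan_tree` at the paths your EDR or file-integrity tooling does not already cover, and treat any hit as a trigger for the incident-response process rather than just a deletion; MD5 and SHA-1 collisions are practical, so confirm with the SHA-256 entry where one exists.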