Related Rewterz alerts: NJRAT – Active IOCs (October 8, 2021); Oski Data Stealer Malware – Active IOCs (October 11, 2021)
Severity
High
Analysis Summary
AZORult is a payment card and credential stealer. It was sold on Russian underground forums as a tool for collecting sensitive information from infected systems. The malware can also steal cookies, browsing history, cryptocurrency wallets, and ID/password pairs. Its main infection vectors are phishing emails and the Fallout Exploit Kit (EK), both paired with social engineering. AZORult can additionally act as a loader that downloads further malware onto the host.
Impact
- Information Theft
- Credential Theft
- Exposure of Sensitive Data
Indicators of Compromise
MD5
- 542d9c144a1a6f94ec70822c8d8b757c
- 9b2881f035d44765d0d5e27c542a1c62
- f6a627b01b8ac665add87b047e732613
SHA-256
- e31587908889029f73855cd422d13232ae6653b59c2d1c4fb36c19118ab0cbf5
- 352a416f0f48684c2694968f3752d11a98ba54b7e7739d2f91d1b49782954b07
- bbabc0cb29dc697735ab4b2d4285e9bb608f992393b734b7b20d4a4ba42a75ce
SHA-1
- 1bab2c68f4ac848b0627a13927c6d71c5a094bd0
- 27c567657f1e41fe9e3d8d46bc6ae5243fa3d0bc
- b50d28f58d0892708db4ca09658547fba013f73d
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
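The remediation step "search for IOCs in your environment" can be carried out with a small file-hash sweep that computes MD5, SHA-1 and SHA-256 in a single pass over each file and compares them with the indicators listed above. This is an added example, not Rewterz tooling; the hash values are the ones published in this alert, the scan root and output format are assumptions.

```python
import hashlib
import os
import sys
from typing import Dict, Iterator, List, Set, Tuple

# Indicators of Compromise from the alert above, grouped by hashlib algorithm name.
IOCS: Dict[str, Set[str]] = {
    "md5": {
        "542d9c144a1a6f94ec70822c8d8b757c",
        "9b2881f035d44765d0d5e27c542a1c62",
        "f6a627b01b8ac665add87b047e732613",
    },
    "sha1": {
        "1bab2c68f4ac848b0627a13927c6d71c5a094bd0",
        "27c567657f1e41fe9e3d8d46bc6ae5243fa3d0bc",
        "b50d28f58d0892708db4ca09658547fba013f73d",
    },
    "sha256": {
        "e31587908889029f73855cd422d13232ae6653b59c2d1c4fb36c19118ab0cbf5",
        "352a416f0f48684c2694968f3752d11a98ba54b7e7739d2f91d1b49782954b07",
        "bbabc0cb29dc697735ab4b2d4285e9bb608f992393b734b7b20d4a4ba42a75ce",
    },
}

def hash_bytes(data: bytes) -> Dict[str, str]:
    """Return {algorithm: lower-case hex digest} for an in-memory blob."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOCS}

def hash_file(path: str, chunk: int = 1 << 20) -> Dict[str, str]:
    """Stream a file once and feed every chunk to all three hashers."""
    hashers = {name: hashlib.new(name) for name in IOCS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}

def match_hashes(digests: Dict[str, str], iocs=IOCS) -> List[Tuple[str, str]]:
    """Return (algorithm, digest) pairs that appear in the indicator set."""
    return [(algo, d.lower()) for algo, d in digests.items()
            if d.lower() in iocs.get(algo, set())]

def scan(root: str, iocs=IOCS) -> Iterator[Tuple[str, str, str]]:
    """Walk a directory tree and yield (path, algorithm, digest) for every hit."""
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digests = hash_file(path)
            except OSError:
                continue  # unreadable or vanished file: skip, keep scanning
            for algo, d in match_hashes(digests, iocs):
                yield path, algo, d

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."  # assumed CLI: scan.py <dir>
    hits = list(scan(root))
    for path, algo, d in hits:
        print(f"MATCH {algo} {d} {path}")
    print(f"{len(hits)} matching file(s) under {root}")
```

A hit means only that a file's hash equals a published indicator; quarantine the file and review its origin rather than treating the absence of hits as proof the host is clean, since recompiled or packed samples carry different hashes.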