October 18, 2021
Severity
High
Analysis Summary
AZORult is an information stealer that targets payment card data and credentials. It was sold on Russian-language underground forums as a tool for harvesting sensitive information from infected systems, and it also steals browser cookies, browsing history, cryptocurrency wallet data, and saved usernames and passwords. Its main infection vectors are phishing emails and the Fallout Exploit Kit (EK), both combined with social engineering. The malware can additionally act as a loader, downloading and executing further payloads on the compromised host.
Impact
- Information Theft
- Credential Theft
- Exposure of Sensitive Data
Indicators of Compromise
IP
- 185[.]163[.]47[.]239
- 51[.]15[.]247[.]8
URL
- http[:]//51[.]15[.]247[.]8/64803B71-DDC3-42B4-8230-0E3D067859EB/index[.]php
- https[:]//ghghghfhfhfh[.]000webhostapp[.]com/gfc[.]exe
- http[:]//185[.]163[.]47[.]239/l/f/o-POunoBagrSXdgRlxjK/9bc4a239ff59791e0f9bee08cf4ee36ef8f74982
- http[:]//ddlakava[.]ac[.]ug/ghjkl[.]exe
- http[:]//185[.]163[.]47[.]239/
- http[:]//durov[.]website/gayathri/index[.]php
- http[:]//cwownola[.]org/AqwE/index[.]php
- http[:]//hdmilg[.]xyz/galvanizedzx[.]exe
Remediation
- Block the listed IPs, domains, and URLs at your perimeter and endpoint controls (firewall, web proxy, DNS filtering, EDR).
- Search proxy, DNS, firewall, and endpoint telemetry for the IOCs above; treat any match as a potential AZORult infection and investigate the host for credential and wallet theft.
- Treat emails from unknown senders, and especially their attachments and links, with suspicion, since phishing is the primary delivery vector.
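The following script, added here as an example and not part of the Rewterz alert, shows how the two technical remediation steps can be carried out in practice: it refangs the published IOCs, splits them into an IP blocklist and a domain blocklist for the respective controls, and sweeps proxy log lines for exact-URL and hostname matches. The proxy log format and the sample log lines are constructed for illustration and are assumptions, not data from the alert.

```python
"""
Added example: refang the AZORult IOCs from the alert, derive blocklists,
and sweep constructed proxy logs for hits. Log format and sample lines
are assumptions made for this example.
"""
import ipaddress
import re
from urllib.parse import urlsplit

# IOCs exactly as published in the alert (still defanged).
DEFANGED_IOCS = [
    "185[.]163[.]47[.]239",
    "51[.]15[.]247[.]8",
    "http[:]//51[.]15[.]247[.]8/64803B71-DDC3-42B4-8230-0E3D067859EB/index[.]php",
    "https[:]//ghghghfhfhfh[.]000webhostapp[.]com/gfc[.]exe",
    "http[:]//185[.]163[.]47[.]239/l/f/o-POunoBagrSXdgRlxjK/9bc4a239ff59791e0f9bee08cf4ee36ef8f74982",
    "http[:]//ddlakava[.]ac[.]ug/ghjkl[.]exe",
    "http[:]//185[.]163[.]47[.]239/",
    "http[:]//durov[.]website/gayathri/index[.]php",
    "http[:]//cwownola[.]org/AqwE/index[.]php",
    "http[:]//hdmilg[.]xyz/galvanizedzx[.]exe",
]

# Assumed proxy log layout: "<timestamp> <client_ip> <method> <url> <status>".
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)

# Constructed sample log lines (not real telemetry): two hit the IOC list
# exactly, one hits only on the C2 IP with a different path, one is benign.
SAMPLE_PROXY_LOG = """\
2021-10-18T09:12:01Z 10.0.0.15 GET http://hdmilg.xyz/galvanizedzx.exe 200
2021-10-18T09:12:05Z 10.0.0.15 POST http://185.163.47.239/index.php 200
2021-10-18T09:13:40Z 10.0.0.22 GET https://www.example.com/ 200
2021-10-18T09:15:02Z 10.0.0.31 GET http://durov.website/gayathri/index.php 404
"""


def refang(ioc: str) -> str:
    """Undo the defanging used in the alert: [.] -> . and [:] -> :"""
    return ioc.replace("[.]", ".").replace("[:]", ":")


def build_watchlists(defanged):
    """Return (exact URLs, hosts). Hosts include bare IPs and every URL's hostname,
    so a request to a known C2 host with an unseen path is still flagged."""
    urls, hosts = set(), set()
    for ioc in map(refang, defanged):
        if "://" in ioc:
            urls.add(ioc)
            hosts.add(urlsplit(ioc).hostname)
        else:
            hosts.add(ioc)
    return urls, hosts


def split_hosts(hosts):
    """Separate IPs (firewall blocklist) from domains (DNS/proxy blocklist)."""
    ips, domains = set(), set()
    for h in hosts:
        try:
            ipaddress.ip_address(h)
            ips.add(h)
        except ValueError:
            domains.add(h)
    return sorted(ips), sorted(domains)


def sweep(log_text: str, defanged=DEFANGED_IOCS):
    """Scan proxy log lines; return (client_ip, url, match_type) for each hit.
    Malformed lines are skipped rather than aborting the sweep."""
    urls, hosts = build_watchlists(defanged)
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = m["url"]
        host = urlsplit(url).hostname
        if url in urls:
            hits.append((m["src"], url, "url"))
        elif host in hosts:
            hits.append((m["src"], url, "host"))
    return hits


if __name__ == "__main__":
    ips, domains = split_hosts(build_watchlists(DEFANGED_IOCS)[1])
    print("IP blocklist:", ips)
    print("Domain blocklist:", domains)
    for src, url, kind in sweep(SAMPLE_PROXY_LOG):
        print(f"HIT [{kind}] {src} -> {url}")
```

Hostname matching is deliberately broader than exact-URL matching: AZORult C2 paths vary per campaign, so a request to a listed host with a different path is still worth triage, while the exact-URL hit is the higher-confidence signal.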