Rewterz Threat Advisory – CVE-2021-24027 – WhatsApp for Android and WhatsApp Business for Android information disclosure
April 9, 2021Rewterz Threat Advisory – Multi Cisco Product Vulnerabilities
April 9, 2021Rewterz Threat Advisory – CVE-2021-24027 – WhatsApp for Android and WhatsApp Business for Android information disclosure
April 9, 2021Rewterz Threat Advisory – Multi Cisco Product Vulnerabilities
April 9, 2021Severity
Medium
Analysis Summary
AZORult is a Trojan stealer that collects various data on infected computers and sends it to the C&C server, including browser history, login credentials, cookies, files from folders as specified by the C&C server (for example, all TXT files from the Desktop folder), crypto wallet files, etc. The malware can also be used as a loader to download other malware.
Impact
- Information theft
- Credential theft
- Exposure of sensitive data
Indicators of Compromise
URL
- http[:]//mbstechnology[.]redirectme[.]net/index[.]php
- http[:]//45[.]56[.]119[.]148/index[.]php
- http[:]//alfawood[.]us/mkdgs/index[.]php
- https[:]//sterline[.]lt/lokk/32/index[.]php
- http[:]//108[.]61[.]161[.]76/index[.]php
- http[:]//staging[.]onyxa[.]pl/XyuTr/index[.]php
- http[:]//alfawood[.]us/xsclk/index[.]php
- http[:]//74[.]208[.]130[.]238/index[.]php
- http[:]//moreirawag[.]ac[.]ug/index[.]php
- http[:]//nmorbertomo[.]ac[.]ug/msvcp140[.]dll
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.