February 2, 2021
Severity
Medium
Analysis Summary
AZORult is a Trojan stealer that collects a wide range of data from infected computers and sends it to its C&C server, including browser history, login credentials, cookies, files from folders specified by the C&C server (for example, all TXT files from the Desktop folder), and cryptocurrency wallet files. The malware can also act as a loader that downloads and runs additional malware.
Impact
- Information theft
- Credential theft
- Exposure of sensitive data
Indicators of Compromise
URL
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
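To support the second remediation step, the following is an added example (not part of the Rewterz advisory) that refangs indicators written in the advisory's `http[:]//…[.]…` notation and checks Squid-style proxy access log lines against them, flagging both exact URL matches and requests to the same host under a different path. The two indicators are taken from the advisory's URL list; the log lines, client addresses and the `/other.php` path are constructed for the example.

```python
import re
from urllib.parse import urlparse

# Defanged indicators in the advisory's own notation. These two are from the
# advisory's list; in practice load the full list from your IoC store.
DEFANGED_IOCS = [
    "http[:]//mkontakt[.]az/du[.]exe",
    "http[:]//45[.]63[.]54[.]115/index[.]php",
]

# Squid native access log: ts elapsed client action/code size method url ...
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+\S+\s+(?P<client>\S+)\s+\S+\s+\S+\s+(?P<method>\S+)\s+(?P<url>\S+)"
)

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "1612252800.123   210 10.0.0.7 TCP_MISS/200 48192 GET http://mkontakt.az/du.exe - HIER_DIRECT/203.0.113.5 application/octet-stream",
    "1612252801.456   120 10.0.0.9 TCP_MISS/200 3210 GET http://45.63.54.115/other.php - HIER_DIRECT/45.63.54.115 text/html",
    "1612252802.789    50 10.0.0.11 TCP_MISS/200 1024 GET http://example.com/index.php - HIER_DIRECT/93.184.216.34 text/html",
]


def refang(ioc: str) -> str:
    """Turn a defanged indicator back into a matchable URL."""
    return ioc.replace("[:]", ":").replace("[.]", ".").replace("hxxp", "http")


def find_ioc_hits(log_lines, defanged=DEFANGED_IOCS):
    """Return (client, url, reason) for each request touching an indicator.

    reason is "exact-url" when the full URL matches an indicator and
    "host-only" when only the host matches (e.g. a different payload path).
    """
    urls = {refang(i).lower() for i in defanged}
    hosts = {urlparse(u).hostname for u in urls}
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; skip rather than crash the sweep
        url = m["url"].lower()
        if url in urls:
            hits.append((m["client"], m["url"], "exact-url"))
        elif urlparse(url).hostname in hosts:
            hits.append((m["client"], m["url"], "host-only"))
    return hits


if __name__ == "__main__":
    for client, url, reason in find_ioc_hits(SAMPLE_LOG):
        print(f"{reason:9} {client:12} {url}")
```

Host-only hits matter because the same host served several different executables in the advisory's list, so a new filename on a known-bad host is still worth triaging.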