Rewterz Threat Alert – AZORult Malware – Active IOCs
January 18, 2022
Rewterz Threat Advisory – Multiple Apache Log4j Vulnerabilities
January 19, 2022
Severity
Medium
Analysis Summary
FormBook is an information-stealing malware that has been active since 2016 and affected 4% of enterprises in 2020. It logs keystrokes, locates and reads files, takes screenshots, harvests stored passwords from a range of browsers, drops files, and downloads and executes additional, stealthier payloads on instruction from its command-and-control (C2) server. The operators behind the associated email campaigns deliver it through a variety of lures and container formats, including PDFs, Office documents, and ZIP and RAR archives.
Impact
- Credential Theft
- Data Theft
- Keystroke Logging
Indicators of Compromise
Domain Name
- bupis44[.]info
MD5
- d370f1ad2df2eb4771e97e7a4999497b
- 57dd5a8e2cbdf8bc78f2efae80153613
- d69b1a9941091798aa10cecdaa7fd589
SHA-256
- 3f3d011a3815042e5896f5a9ab69fb1cd64d959b84b11ea69330b4d5b96c7bc7
- a7d0cff6a05994c0ae576fa842e44a101879317f62466923f1d96adee2c4a898
- 2e6c1e04f6f08de897e180ebf20a7ee0c5dc54e1c4041580386e24f8fbf67658
SHA-1
- 7575395dea0d983960ad4e8c365e75ad2e44285a
- 94216ba570aa9f525a4dcb8c4f74ffe4315b8568
- 7f25962001969d9b098c253b4859126b5deb47f7
URL
- hxxps[:]//rwrd[.]org/hhhhfhhhdgdbbdhgusndu879jshfhfbfhheuu447u84893h3ndjdhdfgggf/Dozgadoshoyccbbdyihfwhyaiorlttf
Remediation
- Block the indicators above at your respective controls: the domain and URL at DNS, web proxy and email gateway, the file hashes at endpoint and email security controls.
- Search your environment, including historical DNS, proxy and endpoint telemetry, for these IOCs. The indicators are published defanged (hxxp, [.], [:]) and must be refanged before they are loaded into blocklists or detection rules.
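The two remediation steps above are a procedure: refang the published indicators, then hunt for them. The following Python script is an added example of that procedure and is not Rewterz tooling. It refangs the domain and URL listed in this alert, hashes files under a directory tree and matches them against the published MD5, SHA-1 and SHA-256 values, and checks DNS/proxy log lines for the domain (exact or subdomain match, so that a look-alike such as a host merely ending in the same string does not fire) and for the full URL. The log lines and the sample file are constructed for illustration, and all helper names are this example's own.

```python
"""IOC sweep for the indicators published in this alert (added example, not Rewterz tooling)."""
import hashlib
import os
import re
import tempfile

# Indicators exactly as published above (defanged); they are refanged only in memory.
DOMAINS = ["bupis44[.]info"]
URLS = ["hxxps[:]//rwrd[.]org/hhhhfhhhdgdbbdhgusndu879jshfhfbfhheuu447u84893h3ndjdhdfgggf"
        "/Dozgadoshoyccbbdyihfwhyaiorlttf"]
HASHES = {  # MD5, SHA-1 and SHA-256 values from the alert in one set, so any algorithm can hit
    "d370f1ad2df2eb4771e97e7a4999497b",
    "57dd5a8e2cbdf8bc78f2efae80153613",
    "d69b1a9941091798aa10cecdaa7fd589",
    "7575395dea0d983960ad4e8c365e75ad2e44285a",
    "94216ba570aa9f525a4dcb8c4f74ffe4315b8568",
    "7f25962001969d9b098c253b4859126b5deb47f7",
    "3f3d011a3815042e5896f5a9ab69fb1cd64d959b84b11ea69330b4d5b96c7bc7",
    "a7d0cff6a05994c0ae576fa842e44a101879317f62466923f1d96adee2c4a898",
    "2e6c1e04f6f08de897e180ebf20a7ee0c5dc54e1c4041580386e24f8fbf67658",
}

def refang(indicator: str) -> str:
    """Undo the defanging used in the alert: hxxp -> http, [.] -> ., [:] -> :."""
    out = indicator.replace("[.]", ".").replace("[:]", ":")
    return re.sub(r"^hxxp", "http", out, flags=re.IGNORECASE)

def hash_file(path: str, chunk: int = 1 << 20) -> dict:
    """Compute MD5, SHA-1 and SHA-256 of a file in a single pass over its bytes."""
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in digests.values():
                h.update(block)
    return {alg: h.hexdigest() for alg, h in digests.items()}

def hash_hits(digests: dict, known=HASHES) -> list:
    """Return the (algorithm, digest) pairs whose digest appears in the IOC set."""
    return [(alg, d) for alg, d in digests.items() if d.lower() in known]

def scan_tree(root: str, known=HASHES) -> list:
    """Walk a directory tree; return [(path, [(alg, digest), ...]), ...] for matching files."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                matched = hash_hits(hash_file(path), known)
            except OSError:  # unreadable or vanished file: skip it and keep sweeping
                continue
            if matched:
                hits.append((path, matched))
    return hits

# Hostname-shaped tokens in a log line (bare IPv4 addresses and timestamps do not match).
HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.IGNORECASE)

def host_matches(host: str, domains) -> bool:
    """Exact or subdomain match only: 'cdn.bupis44.info' hits, 'notbupis44.info' does not."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def log_hits(lines, domains=DOMAINS, urls=URLS) -> list:
    """Return (line_no, kind, line) for lines that reference the URL or domain IOCs."""
    doms = [refang(d).lower() for d in domains]
    full = [refang(u).lower() for u in urls]
    hits = []
    for n, line in enumerate(lines, 1):
        low = line.lower()
        if any(u in low for u in full):
            hits.append((n, "url", line))
            continue
        if any(host_matches(h, doms) for h in HOST_RE.findall(line)):
            hits.append((n, "domain", line))
    return hits

# Constructed DNS/proxy lines for illustration; line 4 is the substring false-positive case.
SAMPLE_LOG = [
    "2022-01-19T10:02:11Z dns query=bupis44.info client=10.0.0.5",
    "2022-01-19T10:03:40Z proxy GET " + refang(URLS[0]) + " client=10.0.0.5",
    "2022-01-19T10:04:02Z dns query=www.example.com client=10.0.0.7",
    "2022-01-19T10:05:00Z dns query=notbupis44.info client=10.0.0.9",
    "2022-01-19T10:06:13Z dns query=cdn.bupis44.info client=10.0.0.5",
]

def demo_file_scan() -> tuple:
    """Hash a constructed file; sweep it against the alert's hashes and against its own SHA-256."""
    with tempfile.TemporaryDirectory() as root:
        path = os.path.join(root, "sample.bin")
        with open(path, "wb") as fh:
            fh.write(b"constructed sample content, not a real FormBook binary\n")
        digests = hash_file(path)
        against_alert = scan_tree(root)                      # no hits: file is benign
        against_self = scan_tree(root, {digests["sha256"]})  # one hit: its own digest
    return digests, against_alert, against_self

if __name__ == "__main__":
    print(log_hits(SAMPLE_LOG))
    print(demo_file_scan()[1:])
```

Point scan_tree at download directories, mail attachment stores and user profile paths rather than an entire disk, and feed log_hits the raw lines from DNS resolver, proxy and mail gateway logs; a match on the full URL is the strongest signal, a domain match on its own warrants pulling the client's endpoint telemetry for the hashes above.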