Rewterz Threat Advisory – Node.js npm-user-validate module denial of service
October 20, 2020Rewterz Threat Advisory – VMWare Multiple Vulnerabilities
October 20, 2020Rewterz Threat Advisory – Node.js npm-user-validate module denial of service
October 20, 2020Rewterz Threat Advisory – VMWare Multiple Vulnerabilities
October 20, 2020Severity
Medium
Analysis Summary
Active IoCs have been retrieved linked to the Azorult malware, that target and infect victims with the Azorult stealer. AZORult is a Trojan stealer that collects various data on infected computers and sends it to the C&C server, including browser history, login credentials, cookies, files from folders as specified by the C&C server (for example, all TXT files from the Desktop folder), cryptowallet files, etc.
Impact
- Credential Theft
- Exposure of sensitive information
Indicators of Compromise
URL
- http[:]//testwp[.]warungpencar[.]com/bp/index[.]php
- http[:]//wetransferdownloads[.]duckdns[.]org/ftp[.]exe
- http[:]//pilsans[.]com/mxnjs/index[.]php
- http[:]//64[.]137[.]176[.]70/index[.]php
- http[:]//perbqnd[.]myscriptcase[.]com/index[.]php
- http[:]//vietmustpay[.]ga/azo/azorult/PL341/index[.]php
- http[:]//fentuys[.]com/dcmlks/index[.]php
- http[:]//37[.]49[.]225[.]194/32/index[.]php
- http[:]//letitburns[.]ug/freebl3[.]dll
- http[:]//letitburns[.]ug/msvcp140[.]dll
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.