Rewterz Threat Alert – Ryuk Ransomware – Active IOCs
December 4, 2020Rewterz Threat Alert – Snake Ransomware – Active IOCs
December 7, 2020Rewterz Threat Alert – Ryuk Ransomware – Active IOCs
December 4, 2020Rewterz Threat Alert – Snake Ransomware – Active IOCs
December 7, 2020Severity
High
Analysis Summary
Active IoCs have been retrieved linked to the Azorult malware, that target and infect victims with the Azorult stealer. AZORult is a Trojan stealer that collects various data on infected computers and sends it to the C&C server, including browser history, login credentials, cookies, files from folders as specified by the C&C server (for example, all TXT files from the Desktop folder), cryptowallet files, etc.
Impact
- Credential Theft
- Exposure of sensitive information
Indicators of Compromise
URL
- http[:]//sparepartiran[.]com/js/pt/Q2ANYkCXSvnnbyu[.]exe
- http[:]//185[.]239[.]242[.]195/vh/index[.]php
- http[:]//sparepartiran[.]com/js/2Q/FOT-09701xls[.]exe
- http[:]//sparepartiran[.]com/js/2Q/FOT-39602[.]exe
- http[:]//sparepartiran[.]com/js/2Q/Xdipqn3[.]exe
- http[:]//sparepartiran[.]com/js/d1/vHJ9aMdbRpFATd3[.]exe
- http[:]//binatones[.]gq/felix/index[.]php
- http[:]//sparepartiran[.]com/js/d1/zal4Ghb9IPjs8ed[.]exe
- http[:]//morasergiox[.]ac[.]ug/index[.]php
- http[:]//217[.]8[.]117[.]77/ozchgftrq[.]exe
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.