Rewterz Threat Alert – AZORult Malware

Rewterz Threat Advisory – CVE-2021-25249 – Trend Micro Apex One privilege escalation

February 2, 2021

Rewterz Threat Alert – Lebanese Cedar APT Targeting Organizations in Middle East and Beyond

February 2, 2021

Rewterz Threat Alert – AZORult Malware – IOC’s

Severity

Medium

Aanlysis Summary

AZORult is a Trojan stealer that collects various data on infected computers and sends it to the C&C server, including browser history, login credentials, cookies, files from folders as specified by the C&C server (for example, all TXT files from the Desktop folder), cryptowallet files, etc. The malware can also be used as a loader to download other malware.

Impact

Information theft
Credential theft
Exposure of sensitive data

Indicators of Compromise

URL

http[:]//mkontakt[.]az/du[.]exe
http[:]//mkontakt[.]az/bro[.]exe
http[:]//45[.]63[.]54[.]115/index[.]php
http[:]//13[.]127[.]215[.]254/index[.]php
http[:]//mkontakt[.]az/guy[.]exe
http[:]//mkontakt[.]az/131[.]exe
http[:]//mkontakt[.]az/alofus[.]exe
http[:]//mkontakt[.]az/ajoche[.]exe
http[:]//mkontakt[.]az/chma[.]exe
http[:]//mkontakt[.]az/pp[.]exe

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment.

Rewterz Threat Advisory – CVE-2021-25249 – Trend Micro Apex One privilege escalation

Rewterz Threat Alert – Lebanese Cedar APT Targeting Organizations in Middle East and Beyond

Rewterz Threat Alert – AZORult Malware – IOC’s

Severity

Aanlysis Summary

Impact

Indicators of Compromise

URL

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan