May 2, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Alert – LokiBot Malware – Updated IOCs
April 16, 2021Rewterz Threat Advisory – CVE-2021-1485 – Cisco IOS XR Software Command Injection Vulnerability
April 16, 2021Rewterz Threat Alert – LokiBot Malware – Updated IOCs
April 16, 2021Rewterz Threat Advisory – CVE-2021-1485 – Cisco IOS XR Software Command Injection Vulnerability
April 16, 2021
Severity
Medium
Analysis Summary
AZORult is a payment card and credential information stealer. It was sold on Russian underground forums as a means to collect sensitive information from infected systems. The malware is also able to steal cookies, browsing history, cryptocurrency, and ID/passwords. Exploits such as phishing emails and Fallout Exploit Kit (EK) paired with social engineering techniques are major infection vectors of the AZORult malware.The malware can also be used as a loader to download other malware.
Impact
- Information theft
- Credential theft
- Exposure of sensitive data
Indicators of Compromise
URL
- http[:]//149[.]28[.]226[.]192/index[.]php
- http[:]//academiayara[.]es/yxafIBkhMsZBlgM[.]exe
- http[:]//45[.]76[.]21[.]114/index[.]php
- http[:]//kbinsure-preview[.]ml/AZORult/index[.]php
- http[:]//mbstechnology[.]redirectme[.]net/index[.]php
- http[:]//45[.]56[.]119[.]148/index[.]php
- http[:]//alfawood[.]us/mkdgs/index[.]php
- https[:]//sterline[.]lt/lokk/32/index[.]php
- http[:]//108[.]61[.]161[.]76/index[.]php
- http[:]//staging[.]onyxa[.]pl/XyuTr/index[.]php
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
