Rewterz Threat Alert – AZORult Active-IOCs

Rewterz Threat Alert – Nanocore Rat – Fresh IOCs

August 10, 2021

Rewterz Threat Alert – Kimsuky APT Group – Active IOCs

August 10, 2021

Rewterz Threat Alert – AZORult Active-IOCs

Severity

Medium

Analysis Summary

AZORult is a payment card and credential information stealer. It was sold on Russian underground forums as a means to collect sensitive information from infected systems. The malware is also able to steal cookies, browsing history, cryptocurrency, and ID/passwords. Exploits such as phishing emails and Fallout Exploit Kit (EK) paired with social engineering techniques are major infection vectors of the AZORult malware. The malware can also be used as a loader to download other malware.

Impact

Information Theft
Credential Theft
Exposure of Sensitive Data

Indicators of Compromise

MD5

bf88f6a18838de44403fea24b330be48

SHA-256

8517738b158a4f15ad9fb58ac7bdd9d3f42c605c46f45c8cabba6dd9c4ab8d74

SHA-1

80fd3bff15fd69ecfa8a8ec1c4a0ee8d5f544844

URL

http[:]//lastimaners[.]ug/asdfg[.]exe
http[:]//lastimaners[.]ug/zxcv[.]EXE
http[:]//lastimaners[.]ug/asdf[.]EXE
http[:]//94[.]158[.]245[.]253//l/f/o-POunoBagrSXdgRlxjK/d4e715b5a38d3d0f3e8dbeac2c04fd9afcea3fb7
http[:]//lastimaners[.]ug/zxcvb[.]exe

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment

Rewterz Threat Alert – Nanocore Rat – Fresh IOCs

Rewterz Threat Alert – Kimsuky APT Group – Active IOCs

Rewterz Threat Alert – AZORult Active-IOCs

Severity

Analysis Summary

Impact

Indicators of Compromise

MD5

SHA-256

SHA-1

URL

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan