

Rewterz Threat Advisory – Multiple Fortinet FortiProxy and FortiOS Vulnerabilities
March 10, 2023
Rewterz Threat Alert – Agent Tesla Malware – Active IOCs
March 11, 2023
Severity
High
Analysis Summary
AZORult is an information stealer that was first discovered in 2016. It steals IDs, browsing history, cookies, passwords, bitcoin, and other information. AZORult also serves as a malware downloader and was advertised on Russian underground forums as a way to extract sensitive data from compromised computers. Phishing emails and the Fallout Exploit Kit (EK), combined with social engineering tactics, are the primary infection vectors for AZORult. Because it can also act as a loader, it allows additional malware to be downloaded onto the compromised host.
Impact
- Information Theft
- Credential Theft
- Exposure of Sensitive Data
Indicators of Compromise
MD5
SHA-256
SHA-1
Remediation
- Block all threat indicators at your respective controls.
- Search for indicators of compromise (IOCs) in your environment using your respective security controls.
- Emails from unknown senders should always be treated with caution.
- Never trust or open links and attachments received from unknown sources/senders.
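One way to carry out the IOC search step above, as an added example that is not part of the Rewterz advisory: the script parses an indicator list in this advisory's format (an MD5, SHA-256 or SHA-1 heading followed by `- <hash>` lines), hashes every file under a directory once for all three algorithms, and reports the files whose digest is listed. The directory, file contents and hash values it uses are constructed for the demonstration, not taken from the advisory.

```python
"""Sweep a directory for files whose MD5/SHA-1/SHA-256 digest appears in an IOC list."""
import hashlib
import os
import tempfile

# Map the advisory's hash-type headings to hashlib algorithm names.
ALGOS = {"MD5": "md5", "SHA-1": "sha1", "SHA-256": "sha256"}


def parse_iocs(text):
    """Return {hashlib name: set of lowercase hashes} from advisory-style text."""
    iocs = {name: set() for name in ALGOS.values()}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if line in ALGOS:                      # heading such as "SHA-256"
            current = ALGOS[line]
        elif line.startswith("- ") and current:  # "- <hash>" under a heading
            iocs[current].add(line[2:].strip().lower())
    return iocs


def hash_file(path, chunk_size=1 << 16):
    """Compute md5, sha1 and sha256 of one file in a single read pass."""
    hashes = {name: hashlib.new(name) for name in ALGOS.values()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashes.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashes.items()}


def sweep(root, iocs):
    """Return [(path, algorithm)] for every file whose digest matches an IOC."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            for algo, digest in hash_file(path).items():
                if digest in iocs[algo]:
                    hits.append((path, algo))
    return hits


def demo():
    """Constructed scenario: one file whose SHA-256 is listed, one that is not."""
    with tempfile.TemporaryDirectory() as root:
        sample = b"constructed sample content"        # stands in for a dropped binary
        with open(os.path.join(root, "flagged.bin"), "wb") as fh:
            fh.write(sample)
        with open(os.path.join(root, "clean.txt"), "wb") as fh:
            fh.write(b"unrelated file")
        # IOC text in the advisory's layout; upper-case hash checks normalisation.
        ioc_text = "SHA-256\n- " + hashlib.sha256(sample).hexdigest().upper() + "\n"
        return [(os.path.basename(p), a) for p, a in sweep(root, parse_iocs(ioc_text))]
```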