March 12, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Alert – PurpleWave—A New Infostealer from Russia
August 18, 2020Rewterz Threat Alert – Emotet Malware – IOCs
August 18, 2020Rewterz Threat Alert – PurpleWave—A New Infostealer from Russia
August 18, 2020Rewterz Threat Alert – Emotet Malware – IOCs
August 18, 2020
Severity
Medium
Analysis Summary
AZORult is a Trojan stealer that collects various data on infected computers and sends it to the C&C server, including browser history, login credentials, cookies, files from folders as specified by the C&C server (for example, all TXT files from the Desktop folder), cryptowallet files, etc. The malware can also be used as a loader to download other malware.
Impact
- Information theft
- Credential theft
- Exposure of sensitive data
Indicators of Compromise
URL
- http[:]//3[.]126[.]249[.]36/index[.]php
- http[:]//rewrty-71[.]tk/temp/set/index[.]php
- http[:]//myplanetguides[.]com/temp/evrfsiy[.]exe
- http[:]//pendialect[.]com/cg/cc/index[.]php
- http[:]//predatorachievement[.]com/sql/twcastll[.]exe
- http[:]//predatorachievement[.]com/sql/kerdfgv[.]exe
- http[:]//45[.]145[.]185[.]26/onxs$&/index[.]php
- http[:]//136[.]144[.]237[.]217/index[.]php
- http[:]//singsing[.]ug/nss3[.]dll
- http[:]//singsing[.]ug/softokn3[.]dll
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.