March 11, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Alert – Trickbot – IOCs
February 19, 2021Rewterz Threat Advisory – CVE-2021-3411 – Linux Kernel can_optimize function code execution
February 22, 2021Rewterz Threat Alert – Trickbot – IOCs
February 19, 2021Rewterz Threat Advisory – CVE-2021-3411 – Linux Kernel can_optimize function code execution
February 22, 2021
Severity
Medium
Analysis Summary
AZORult is a Trojan stealer that collects various data on infected computers and sends it to the C&C server, including browser history, login credentials, cookies, files from folders as specified by the C&C server (for example, all TXT files from the Desktop folder), cryptowallet files, etc. The malware can also be used as a loader to download other malware.
Impact
- Information theft
- Credential theft
- Exposure of sensitive data
Indicators of Compromise
URL
- http[:]//198[.]71[.]50[.]125/index[.]php
- http[:]//mkontakt[.]az/03[.]exe
- http[:]//50[.]116[.]23[.]203/index[.]php
- http[:]//kvaka[.]li/1210776429[.]php
- http[:]//37[.]46[.]150[.]24/azone/index[.]php
- http[:]//18[.]197[.]52[.]125/index[.]php
- http[:]//bengallpg[.]com/ghsjdfbfhf/index[.]php
- http[:]//www[.]teacher[.]net[.]ru/oo/es[.]exe
- http[:]//smdbaba[.]monster/index[.]php
- http[:]//hanxlas[.]ac[.]ug/main[.]php
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.