AZORult brings friends to the party
Common Information
Type Value
UUID 74adc8ca-d2e8-4551-a116-38d0f7fad4f9
Fingerprint 1e8909908fb61fc1
Analysis status DONE
Considered CTI value 2
Text language
Published April 2, 2020, 11:04 a.m.
Added to db Sept. 26, 2022, 9:30 a.m.
Last updated Nov. 17, 2024, 11:40 p.m.
Headline Vulnerability Information
Title AZORult brings friends to the party
Detected Hints/Tags/Attributes 122/3/117
Attributes