Netskope reports on an Azorult infostealer campaign in the wild that delivers its initial payload through HTML smuggling. It uses reflective code loading (T1620) to execute the fileless Azorult malware, and an Antimalware Scan Interface (AMSI) bypass technique (T1562.001) to avoid detection. Netskope provides the infection chain, infostealer features and IOCs. 🔗 https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites

#Azorult #threatintel #HTMLsmuggling #IOC #infostealer

From Delivery To Execution: An Evasive Azorult Campaign Smuggled Through Google Sites

Summary Netskope Threat Labs has observed an evasive Azorult campaign in the wild that employs multiple defense evasion techniques from delivery through

Netskope

A colleague of mine just wrote this teardown of a recent #Azorult #malware campaign. A few of the highlights:

  • HTML smuggling on Google Sites to deliver the initial payload
  • Reflective code loading to execute Azorult in a fileless fashion
  • AMSI bypass to evade Windows Defender and other AV software
  • Steals sensitive data and exfiltrates it over HTTP

https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites


#Malware campaigns #Italy Week 05
💣☠️🔥👻

#AgentTesla: Order
#Remcos: GLS/DHL parcel-on-hold notice
#Formbook: Document
#Irata: Bank Apk
#Astaroth: Invoice
#Azorult: Credit

#mwitaly

#Azorult #Malware Comes to the Fore in New #DarkWeb Campaign. The notorious #Azorult #malware has resurfaced on the #darkweb again, demonstrating a renewed and sophisticated approach. 
https://thecyberexpress.com/azorult-malware-resurgence-cyble-reports/?&web_view=true
#security
Unmasking the Resurgence of Azorult Malware: Cyble Detects A New Dark Web Campaign

The notorious Azorult malware has resurfaced on the dark web again, demonstrating a renewed and sophisticated approach. First identified in

The Cyber Express

Some fresh #azorult:

https://app.any.run/tasks/bcf96768-fb98-4ad0-9a63-aef24bc970df/

c2: http://46.183.220[.]70/bag/Panel/index.php

Analysis FA010711pdf.exe (MD5: 2CFF60CCFE9BF21D3F98F749A278AC62) Malicious activity - Interactive analysis ANY.RUN

Interactive malware hunting service. Live testing of most types of threats in any environment. No installation and no waiting necessary.

Leading Game Publishers Hit Hard by Leaked-Credential Epidemic - Over 500,000 leaked credentials tied to the top two dozen leading gaming companies are for sale on... https://threatpost.com/game-publishers-hit-by-leaked-credentials/162725/ #passwordmanager #videogamers #ransomware #covid-19 #malware #privacy #azorult #idtheft #ubisoft #breach #gamers #hacks #slack #vpn
Leading Game Publishers Hit Hard by Leaked-Credential Epidemic

Over 500,000 leaked credentials tied to the top two dozen leading gaming companies are for sale online.

Threatpost - English - Global - threatpost.com

Malspam hitting mailboxes in Germany, distributing #GuLoader -> #AZORult

GuLoader payload:

https://bazaar.abuse.ch/sample/98c39c41a62349078a4b09ae665ed9945dd207b7c02b38fa58a639089721bc5e/ …

AZORult payload URL:

https://urlhaus.abuse.ch/url/366085/ 

AZORult C2:

http://infosales.duckdns\.org/index.php

pic.twitter.com/AC8wbTgMNV

MalwareBazaar | SHA256 98c39c41a62349078a4b09ae665ed9945dd207b7c02b38fa58a639089721bc5e (GuLoader)

Information on GuLoader malware sample (SHA256 98c39c41a62349078a4b09ae665ed9945dd207b7c02b38fa58a639089721bc5e)

Threat Source newsletter for April 9, 2020 - Newsletter compiled by Jon Munshaw.

Welcome to this week’s Threat Source newsletter — the perfect p... more: http://feedproxy.google.com/~r/feedburner/Talos/~3/LpFjQ_lY_NM/threat-source-newsletter-april-9-2020.html #threatsourcenewsletter #talosthreatsource #electionsecurity #threatsource #coronavirus #newsroundup #ransomware #cybernews #covid-19 #azorult #news

Threat Source newsletter for April 9, 2020

A blog from the world-class Intelligence Group, Talos, Cisco's Intelligence Group

Hackers use a Coronavirus Map to spread malware

A security researcher at Reason Labs discovered that hackers are distributing malware disguised as a "coronavirus map" to harvest data.

Tarnkappe
Live Coronavirus Map Used to Spread Malware - Cybercriminals constantly latch on to news items that captivate the public’s attention, but usually ... more: https://krebsonsecurity.com/2020/03/live-coronavirus-map-used-to-spread-malware/ #johnshopkinsuniversity #coronavirusmalware #covid-19malware #latestwarnings #thecomingstorm #coronavirusmap #azorult
Live Coronavirus Map Used to Spread Malware — Krebs on Security