Azorult

Also known as: PuffStealer, Rultazo

AZORult is a credential and payment card information stealer. Among other things, version 2 added support for .bit-domains. It has been observed in conjunction with Chthonic as well as being dropped by Ramnit.

Linked Threat Actors

The Gorgon Group

C2 Infrastructure

Hosting/VPS 100%

Last 7 days

Jun 24, 2026
C2 Hosts: 1

Further Reading

The Hole in the Bucket: Attackers Abuse Bitbucket to Deliver an Arsenal of Malware

Cybereason is following an active campaign to deliver multiple different types of malware to victims all over the world. This attack is able to steal data, mine for cryptocurrency, and in specific ...

cybereason.com

TA505's Box of Chocolate - On Hidden Gems packed with the TA505 Packer

Cybersecurity: TA505, a very active threat actor, works differently than, for example, the group behind Emotet. Which tools are used here, Thomas Barabosch explains to you in his Blog.

telekom.com

Campaign Abusing Legitimate Remote Administrator Tools Uses Fake Cryptocurrency Websites

We have been tracking a campaign involving the SpyAgent malware that abuses well-known remote access tools (RATs) — namely TeamViewer — for some time now. While previous versions of the malware hav...

trendmicro.com

AZORult Delivered by GuLoader | Malware Analysis Spotlight | VMRay

Read the VMRay Labs Team's analysis of a delivery chain that uses malicious e-mail attachments and GuLoader to spread AZORult

vmray.com

Multistage Loader used to spread AZORult and NanoCore | blog

Multistage .NET loader used to spread AZORult and NanoCore Infostealers targeting users in Asian subcontinent, specifically South Korea and Indonesia.

zscaler.com

Oil and Gas Industries in Middle East Targeted | blog

Beginning from July 2020, ThreatLabZ observed several targeted attacks against the supply chain organizations in the oil and gas sector in the Middle East.

zscaler.com

The Italian hub for Cyber Security

Let's build a secure digital world, together. Security, Resilience, Innovation. Tinexta Cyber is one of the leading Italian players in the field of cybersecurity and system integration, part of the G...

yoroi.company