Derp.ca

Azorult

Also known as: PuffStealer, Rultazo

AZORult is a credential and payment card information stealer. Among other things, version 2 added support for .bit-domains. It has been observed in conjunction with Chthonic as well as being dropped by Ramnit.

Linked Threat Actors

The Gorgon Group

Last 7 days

Apr 17, 2026
C2 Hosts: 1
Apr 14, 2026
C2 Hosts: 1

Further Reading

Campaign Abusing Legitimate Remote Administrator Tools Uses Fake Cryptocurrency Websites

We have been tracking a campaign involving the SpyAgent malware that abuses well-known remote access tools (RATs) — namely TeamViewer — for some time now. While previous versions of the malware hav...

trendmicro.com
AZORult Delivered by GuLoader | Malware Analysis Spotlight | VMRay

Read the VMRay Labs Team's analysis of a delivery chain that uses malicious e-mail attachments and GuLoader to spread AZORult

vmray.com
Multistage Loader used to spread AZORult and NanoCore | blog

Multistage .NET loader used to spread AZORult and NanoCore Infostealers targeting users in Asian subcontinent, specifically South Korea and Indonesia.

zscaler.com
Oil and Gas Industries in Middle East Targeted | blog

Beginning from July 2020, ThreatLabZ observed several targeted attacks against the supply chain organizations in the oil and gas sector in the Middle East.

zscaler.com
Il polo italiano della Cyber Security

Costruiamo un digitale sicuro, insieme. Sicurezza, Resilienza, Innovazione Tinexta Cyber è una delle principali realtà italiane nel campo della cybersecurity e della system integration, parte del G...

yoroi.company
Il polo italiano della Cyber Security

Costruiamo un digitale sicuro, insieme. Sicurezza, Resilienza, Innovazione Tinexta Cyber è una delle principali realtà italiane nel campo della cybersecurity e della system integration, parte del G...

yoroi.company