Trusted Design

AzorUlt Version 2: Atrocious Spyware infection using 3 in 1 RTF Document

概要

This single RTF document carries 3 infamous exploits, desperately tries to exploit with at least one and then tries infecting the user machine with an Atrocious Spyware – AzorUlt Version 2.

Created: 2026-02-23

Indicators

• domain - kdotraky.com -
• FileHash-MD5 - e773d6f023023586db4c080b66d5eb1b -
• hostname - www.alkratrad.com -
• URL - http://vabookings.com/AA/tttttttt_netwire.exe -
• URL - http://alkratrad.com/b/t.php?thread=0 -
• FileHash-MD5 - 4ba3a1e322a575dfa2716ea30118d106 -
• URL - http://alkratrad.com/b/t.php?act=hit -
• FileHash-MD5 - 4643f3e9b95d9f03ae1ce12d6df50e9d -
• FileHash-MD5 - ae93bdceea3c13c42f957d06d5ff0226 -
• URL - http://alkratrad.com/b/tp.php?thread=0 -
• URL - http://vabookings.com/aa/tttttttt_netwire.exe -
• URL - http://185.203.116.126/albi/file.php -
• FileHash-MD5 - 6921baf9c8b503011bd5a68856fe405a -
• URL - http://vabookings.com/cita/cita.exe -
• URL - http://www.alkratrad.com/files/folder1/100/web/gate.php -
• URL - http://alkratrad.com/ -
• FileHash-SHA256 - 53998bd0cf159adf66e29ece37c436d8921adecf433a88185b0caf6f4987153f -
• URL - http://www.alkratrad.com/files/folder1/100/web/ -
• FileHash-MD5 - d32cc02c92d1172ca4e8c3109e7909ed -
• FileHash-MD5 - aaff76ced92ce11655b07ffb2d3fe066 -
• domain - alkratrad.com -

類似Pulses

• AZORULT VERSION 2: ATROCIOUS SPYWARE INFECTION USING 3 IN 1 RTF DOCUMENT (score: 0.91)
• Trojan.Doc.Scam.K (score: 0.54)
• TrojanSpy:Win32/Quatro (score: 0.54)
• Eed2f4a3 malware on Metadefender.com (score: 0.53)
• Ongoing analysis of unknown exploit targeting Office 2007-2013 (score: 0.53)

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

---

← Pulse一覧に戻る