In addition to encrypting files, STOP ransomware has added the AZORult trojan to its arsenal, which in turn steals credentials, browser data, files, crypto wallets, and other information. Researchers downloaded a sample of the STOP Promorad variant to check for AZORult. They found that encrypted files were appended with the .promorad extension. The ransomware created a ransom note named _readme.txt, and the Promorad variant also downloaded and executed a file named “5.exe.” When executed, this file generates network traffic associated with C&C server communications for the AZORult trojan.
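A defender-side triage example for the behaviours described above, added here and not taken from the original article: it correlates constructed endpoint events per host and reports hosts where at least two of the three behaviours occur close together. The event format, host names, paths, timestamps and the ten-minute window are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Constructed sample events (host, time, action, path); not real telemetry.
EVENTS = [
    ("ws-01", "2019-03-01T10:00:05", "file_rename", r"C:\Users\a\Documents\plan.docx.promorad"),
    ("ws-01", "2019-03-01T10:00:06", "file_create", r"C:\Users\a\Documents\_readme.txt"),
    ("ws-01", "2019-03-01T10:00:09", "process_start", r"C:\Users\a\AppData\Local\Temp\5.exe"),
    ("ws-02", "2019-03-01T11:00:00", "file_create", r"C:\Tools\_readme.txt"),
    ("ws-03", "2019-03-01T09:00:00", "file_rename", r"C:\Data\q1.xlsx.promorad"),
    ("ws-03", "2019-03-01T12:30:00", "process_start", r"C:\Temp\5.exe"),
]

def indicator(action, path):
    """Map one event to a behaviour named in the article, or None."""
    name = PureWindowsPath(path).name.lower()
    if action in ("file_rename", "file_create") and name.endswith(".promorad"):
        return "encrypted_ext"
    if action == "file_create" and name == "_readme.txt":
        return "ransom_note"
    if action == "process_start" and name == "5.exe":
        return "payload_exec"  # weak on its own: the file name is generic
    return None

def correlate(events, window=timedelta(minutes=10)):
    """Report hosts showing >= 2 distinct behaviours inside one time window."""
    hits = defaultdict(list)
    for host, ts, action, path in events:
        kind = indicator(action, path)
        if kind:
            hits[host].append((datetime.fromisoformat(ts), kind))
    findings = {}
    for host, seen in hits.items():
        seen.sort()
        best = set()
        for i, (start, _) in enumerate(seen):
            kinds = {k for t, k in seen[i:] if t - start <= window}
            if len(kinds) > len(best):
                best = kinds
        if len(best) >= 2:
            # The dropped payload is the credential stealer, so its execution
            # means stored credentials on the host should be treated as exposed.
            findings[host] = {"indicators": sorted(best),
                              "credential_exposure": "payload_exec" in best}
    return findings

if __name__ == "__main__":
    print(correlate(EVENTS))
```

A lone `_readme.txt` (ws-02) or indicators hours apart (ws-03) are not reported, which keeps single generic file names from raising an alert by themselves.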