AZORult

AZORult was first discovered in 2016. One version of this malware created a new, hidden administrator account on the machine that set a registry key to establish a Remote Desktop Protocol (RDP) connection. The malware is mostly deployed by exploit kits and phishing emails. Besides stealing credentials, the malware also collects data on installed programs, cryptocurrency wallets such as Monero and uCoin, Skype chat history and messages, host Internet Protocol (IP) information, etc. [9]

Taurus

Taurus was first detected in April 2020 [10]. In addition to stealing passwords and cookies, this malware can steal some cryptocurrency wallets, credentials for commonly used FTP clients, information on installed software, and system configurations. The malware is designed not to execute in countries of the Commonwealth of Independent States (CIS).

Raccoon

Raccoon is an infostealer focused on gathering sensitive and confidential information, financial information, and personal information [8]. Raccoon was first seen in April 2019. It has a relatively low price of $75 for a 'trial' week, $200 per month or $499 for four months. The malware is mostly deployed by two methods: third-party exploit kits or phishing campaigns. Threat actors favour this infostealer for its simplicity and its focus on 'stealer tasks' rather than on masking itself, as other infostealers do.

8. https://www.cyberark.com/resources/threat-research-blog/raccoon-the-story-of-a-typical-infostealer
9. https://success.trendmicro.com/solution/000146108-azorult-malware-information-kAJ4P000000kEK2WAM
10. https://securityboulevard.com/2021/05/an-in-depth-analysis-of-the-new-taurus-stealer/

The Rise of Dark Web Botnet Marketplaces