AZORult Tracker is maintained by:
This project was created during our final year of engineering school at ENSIBS Cyberdéfense in Vannes (France). We decided to work on AZORult Tracker because we all enjoy threat intelligence and wanted to contribute to its community.
If you want to know more about AZORult, you can check out its Malpedia page. Here are two articles that look more specifically at the C&C panel:
If your server is in the database, it's probably because it has been compromised to host an AZORult panel. First of all, make sure there are no more malware panels on your websites. Then contact us at azorult-tracker[at]protonmail[.]com with the subject "[Opt-out] your_server_here". Note: you'll have to prove that you are the owner of the server to have it removed from the database.
To get new panels to track, AZORult Tracker uses feeders including:
Thanks to them for their awesome work!
We also share the panels we discover during our personal investigations.
There is no restriction on the website and the API; however, the provided data are under the CC0 license.
Although the database is open, we do not provide the website/API source code. However, if you find new panels not referenced by AZORult Tracker, you can submit them on CyberCrime Tracker or directly on Twitter with the hashtag #AZORult; our feeders will take care of retrieving them.
Some versions of the AZORult panel have vulnerabilities. Once exploited, the panel may have inconsistent data.
In some cases, erroneous data may be injected into the statistics page of the C&C. Such data are not taken into account; however, this can lead to some inconsistencies. It's also likely that seemingly legitimate data are injected into the statistics, inflating, for example, the number of victims on a panel.
The page containing the infection statistics is in the C&C "backend". To access it you need to know its path; if you don't have it, the statistics can't be retrieved. However, we still get the malware's settings, file grabber and loaders.
Online C&Cs are scanned every 12 hours, so it's possible that changes have taken place since the last scan.
Some panels may not have the right status (offline instead of online); this may be due to the use of technology such as Cloudflare. This is also why some panels listed on the feeders are not present on AZORult Tracker.
Do you want to collaborate with AZORult Tracker? Do you have an amazing idea? Do you have a huge list of C&Cs that are not referenced? Did you spot a bug? Feel free to contact us at the following email: azorult-tracker[at]protonmail[.]com or directly on Twitter.