Threat Intelligence – AGENT TESLA Latest IOCs


Credits : Research by ExecuteMalware


Indicators of compromise

THREAT IDENTIFICATION: AGENT TESLA

SUBJECTS OBSERVED
FW: RE: confirm bank account

SENDERS OBSERVED
[email protected] [.]co [.]th

MALDOC FILE HASHES
CONFIRM YOUR ACCOUNT_PDF [.]UU
f81c3488a4d9e51fbf68ea591b35719a

AGENT TESLA PAYLOAD FILE HASHES
CONFIRM YOUR ACCOUNT_PDF [.]exe
74173b957e2e703074eef531996348c4

AGENT TESLA ESMTP DESTINATION
mail [.]jumatsedekah [.]com
101 [.]50 [.]1 [.]12:587 (TCP/587, SMTP submission port; no HTTPS scheme applies to this ESMTP destination)

ADDITIONAL URL
http://bornforthis [.]ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish–goal-6B711D1EC6B765989791BAB1375373A5 [.]html

SUPPORTING EVIDENCE
https://www [.]virustotal [.]com/gui/file/8b2e93f410996ef2b5eac9cc2d686657cb401081ba41f9df156930e16da7723a/detection
https://app [.]any [.]run/tasks/e8ee160d-9097-4202-a2e2-173eb5d2305e/
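Indicator lists like the one above are usually published defanged (" [.]" in place of dots) so they cannot be clicked. The block below is an added example, not part of the original report or of ExecuteMalware's research: it refangs the network indicators listed above, extracts the host and port from the published ESMTP endpoint and URL, and matches them against a few constructed DNS, firewall and proxy log lines (the log lines are invented for illustration; only the indicators and MD5 hashes are taken from the listing).

```python
"""Refang the Agent Tesla indicators listed above and match them against log lines.

Added example: the indicator strings and MD5 values are copied from the listing
above; every log line below is constructed for illustration, not observed data.
"""
import re
from urllib.parse import urlsplit

# Indicators in their published (defanged) form, as they appear above.
ESMTP_HOST = "mail [.]jumatsedekah [.]com"
ESMTP_ENDPOINT = "101 [.]50 [.]1 [.]12:587"   # IP:port of the SMTP drop; no URL scheme
ADDITIONAL_URL = ("http://bornforthis [.]ml/liverpool-fc-news/features/"
                  "steven-gerrard-liverpool-future-dalglish-goal-"
                  "6B711D1EC6B765989791BAB1375373A5 [.]html")

# MD5 hashes from the listing, keyed lowercase so lookups are case-insensitive.
MD5_IOCS = {
    "f81c3488a4d9e51fbf68ea591b35719a": "maldoc CONFIRM YOUR ACCOUNT_PDF.UU",
    "74173b957e2e703074eef531996348c4": "Agent Tesla payload CONFIRM YOUR ACCOUNT_PDF.exe",
}

_DEFANG = re.compile(r"\s*\[\.\]\s*")


def refang(indicator):
    """Replace the '[.]' / ' [.]' separators used in the listing with real dots."""
    return _DEFANG.sub(".", indicator.strip())


def network_indicators():
    """Map each refanged host or IP to a description, parsed from the published strings."""
    ip, port = refang(ESMTP_ENDPOINT).rsplit(":", 1)
    url_host = urlsplit(refang(ADDITIONAL_URL)).hostname
    return {
        refang(ESMTP_HOST).lower(): "Agent Tesla ESMTP exfiltration host",
        ip: "Agent Tesla ESMTP exfiltration IP (tcp/%s)" % port,
        url_host.lower(): "additional URL host",
    }


# Pull dotted hostnames and IPv4 addresses out of free-form log text.
_TOKEN = re.compile(r"\b(?:\d{1,3}(?:\.\d{1,3}){3}|[a-z0-9-]+(?:\.[a-z0-9-]+)+)\b", re.I)


def scan_log(lines):
    """Return (line_number, matched_token, description) for each network IOC hit."""
    iocs = network_indicators()
    hits = []
    for number, line in enumerate(lines, 1):
        for token in _TOKEN.findall(line):
            description = iocs.get(token.lower())
            if description:
                hits.append((number, token.lower(), description))
    return hits


def classify_md5(hexdigest):
    """Return the listing's label for a known MD5, or None if it is not an IOC."""
    return MD5_IOCS.get(hexdigest.strip().lower())


# Constructed sample log lines (hypothetical; not from the original report).
SAMPLE_LOG = [
    "2021-04-16T09:12:03Z dns client=10.10.4.21 query=mail.jumatsedekah.com type=A",
    "2021-04-16T09:12:04Z fw allow src=10.10.4.21 dst=101.50.1.12 dport=587 proto=tcp",
    "2021-04-16T09:12:09Z proxy GET http://bornforthis.ml/liverpool-fc-news/ client=10.10.4.21",
    "2021-04-16T09:13:00Z fw allow src=10.10.4.21 dst=93.184.216.34 dport=443 proto=tcp",
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
    print(classify_md5("74173B957E2E703074EEF531996348C4"))
```

The first three sample lines each hit one indicator (the ESMTP hostname, the ESMTP IP on tcp/587, and the host of the additional URL); the fourth, an unrelated HTTPS connection, does not. A real deployment would feed this the refanged values from the listing rather than the defanged strings, which is exactly what `refang` does, so the copy-paste form stays safe on the page.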


Balaganesh is an Incident Responder, Certified Ethical Hacker, Penetration Tester, Security blogger, and Founder & Author of Soc Investigation.
