Threat Intelligence – AGENT TESLA Malware Latest IOCs

0

Researchers have identified new versions of the Agent Tesla remote access trojan (RAT) that target the Windows anti-malware interface used by security vendors to protect PCs from attacks.Below are the latest indicators of compromise.


Credits : Research by ExecuteMalware

Indicators of Compromise (IOCs)

THREAT IDENTIFICATION: AGENT TESLA

EMAIL SUBJECTS OBSERVED
Re: DEVOLUCIÓN DE PAGO TT (Ref 0180066743)

EMAIL SENDERS OBSERVED
[email protected] [.]com

MALICIOUS DOC FILE HASHES

1c82a6fd738178598e8a3c207846c6a0
562ca9d4bc237708fd23849fd3600e25

AGENT TESLA PAYLOAD FILE HASHES
WcF3F786rumYVOl [.]exe
a5e4ad305745815c85521f1bec3db622

QqxOrD9ivjVteg7 [.]exe
daa19bf920ef774e7bc435c8ae7e5567

AGENT TESLA ESMTP DESTINATION
https://66 [.]70 [.]204 [.]222:587
mail [.]iymorenterprizelogs [.]com

SUPPORTING EVIDENCE
https://tria [.]ge/210309-k9van3gy8a
https://app [.]any [.]run/tasks/75bbb948-6edf-47de-a4e5-f3d17f855bb6/


Previous articleServer Side Template Injection [SSTI] – Prevention and Detection
Next articleThreat Intelligence – Dridex Malware Latest IOCs
Balaganesh is a Incident Responder. Certified Ethical Hacker, Penetration Tester, Security blogger, Founder & Author of Soc Investigation.

LEAVE A REPLY

Please enter your comment!
Please enter your name here