Threat Intelligence – AGENT TESLA Malware Latest IOCs

March 11, 2021

Researchers have identified new versions of the Agent Tesla remote access trojan (RAT) that target the Windows anti-malware interface used by security vendors to protect PCs from attacks.Below are the latest indicators of compromise.

Credits : Research by ExecuteMalware

Indicators of Compromise (IOCs)

THREAT IDENTIFICATION: AGENT TESLA

EMAIL SUBJECTS OBSERVED
Re: DEVOLUCIÓN DE PAGO TT (Ref 0180066743)

EMAIL SENDERS OBSERVED
clientesgdl@importsellos [.]com

MALICIOUS DOC FILE HASHES

1c82a6fd738178598e8a3c207846c6a0
562ca9d4bc237708fd23849fd3600e25

AGENT TESLA PAYLOAD FILE HASHES
WcF3F786rumYVOl [.]exe
a5e4ad305745815c85521f1bec3db622

QqxOrD9ivjVteg7 [.]exe
daa19bf920ef774e7bc435c8ae7e5567

AGENT TESLA ESMTP DESTINATION
https://66 [.]70 [.]204 [.]222:587
mail [.]iymorenterprizelogs [.]com

SUPPORTING EVIDENCE
https://tria [.]ge/210309-k9van3gy8a
https://app [.]any [.]run/tasks/75bbb948-6edf-47de-a4e5-f3d17f855bb6/

CVE-2023-21554 – Hunt For MSMQ QueueJumper In The Environment

OS Credential Dumping- LSASS Memory vs Windows Logs

Credential Dumping using Windows Network Providers – How to Respond

The Flow of Event Telemetry Blocking – Detection & Response

UEFI Persistence via WPBBIN – Detection & Response

What is Session Hijacking/Cookie Hijacking – DEMO

Linux Event Logs and Its Record Types – Detect & Respond

How Businesses Can Minimize Network Downtime

Recovering SAP Data Breaches Caused by Ransomware

How Does DGA Malware Operate And How To Detect In A…

How To Optimize Business IT Infrastructure

How Businesses Can Identify And Address Cybersecurity Lapses

Cybersecurity Management 101: Balancing Risk Management With Compliance Requirements

Remote Desktop Gateway – What Is It

How to Detect Malware C2 with DNS Status Codes

How Brazilian students use AI

Tools Online Casinos Use to Protect Players

VDR — a Space for Efficient and Secure Transactions

How Encryption Plays a Vital Role in Safeguarding Against Digital Threats

Push Notification Protocols: Ensuring Safety In Digital Communication

Phishing Scam Alert: Fraudulent Emails Requesting to Clear Email Storage Space…

Vidar Infostealer Malware Returns with new TTPS – Detection & Response

New WhiskerSpy Backdoor via Watering Hole Attack -Detection & Response

RedLine Stealer returns with New TTPS – Detection & Response

Understanding Microsoft Defender Threat Intelligence (Defender TI)

Threat Hunting Playbooks For MITRE TACTICS

Masquerade Attack Part 2 – Suspicious Services and File Names

Masquerade Attack – Everything You Need To Know in 2022

MITRE D3FEND Knowledge Guides to Design Better Cyber Defenses

Mapping MITRE ATT&CK with Window Event Log IDs

How Email Encryption Protects Your Privacy

How To Check Malicious Phishing Links

Emotet Malware with Microsoft OneNote- How to Block emails based on…

How DMARC is used to reduce spoofed emails ?

Hackers Use New Static Expressway Phishing Technique on Lucidchart

Threat Intelligence – AGENT TESLA Malware Latest IOCs

LEAVE A REPLY Cancel reply