IoCs for Agent Tesla ISO Email campaign

Pavel Novák 2022-08-24 13:20:01 +02:00
parent 93121f621b
commit 8fb4e0077e
5 changed files with 44 additions and 0 deletions

@ -0,0 +1,31 @@
# IoC from Operation Dragon Castling
Malware analysis and more technical information at <https://decoded.avast.io/pavelnovak/agenttesla-is-threatening-businesses-around-the-world-with-a-new-campaign/>
### Table of Contents
* [Samples (SHA-256)](#samples-sha-256)
* [Network indicators](#network-indicators)
## Samples (SHA-256)
```
ISO Attachment
83fe51953a0fe44389e197244faf90afe8ee80101dc33cb294cf6ef710e5aaba
AgentTesla Downloader Script
76f707afa3d4b2678aa5af270ea9325de6f8fdc4badf7249418e785438f1b8da
AgentTesla Injector
eb455ffb1595d1a06fc850ebc49b270ae84dd609e7b52144a60bb45cf4c4eb0e
```
## Network indicators
```
FTP Exfiltration Server
ftp.akmokykla.lt
AgentTesla Download Servers
assltextile.com/Su34M.jpg
consult-mob.ro/M777.jpg
handcosalon.com/Su57.jpg
```
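Review bot: The heading `# IoC from Operation Dragon Castling` at the top of this README does not match the change. The commit message and the linked write-up are both about the Agent Tesla ISO email campaign, so the title looks like a leftover from a copied README and should name the Agent Tesla campaign instead. The README also lists only the SHA-256 values, so a line pointing readers to the 32- and 40-character hash lists added in the same commit would help.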

@ -0,0 +1,4 @@
ftp.akmokykla.lt
assltextile.com/Su34M.jpg
consult-mob.ro/M777.jpg
handcosalon.com/Su57.jpg
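Review bot: The four entries in this list mix indicator types without any label. The first line is a bare hostname, which the README identifies as the FTP exfiltration server, while the other three are host-plus-path download locations with no scheme. Anyone matching this file against DNS or proxy logs has to guess which field each line applies to. Consider separating hostnames from URLs or adding a type column, and state the scheme for the three download entries if it is known.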

@ -0,0 +1,3 @@
540594cb9d666f26237e6c346a875e1a
6664317aae5097b03ee282210c3d32b8
c3dbb827394bed4ea054a4c50eedc161
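Review bot: These three digests carry no labels, and nothing in the change states that their order follows the README's ISO attachment, downloader script, injector order. Add a comment or a mapping to the corresponding SHA-256 values so each digest can be tied to a specific sample.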

@ -0,0 +1,3 @@
f3f77f07de43e480a983448c61e53a160c1b6ada
7e3f9c2f1ebc383fd7e057e6fa32f5cdc74502d5
683c33b67d5f09add96a60a3dd998769309edb99

@ -0,0 +1,3 @@
83fe51953a0fe44389e197244faf90afe8ee80101dc33cb294cf6ef710e5aaba
76f707afa3d4b2678aa5af270ea9325de6f8fdc4badf7249418e785438f1b8da
eb455ffb1595d1a06fc850ebc49b270ae84dd609e7b52144a60bb45cf4c4eb0e