IoCs for Agent Tesla ISO Email campaign

AgentTeslaISOCampaign/README.md

@@ -0,0 +1,31 @@
+# IoC from Operation Dragon Castling
+
+Malware analysis and more technical information at <https://decoded.avast.io/pavelnovak/agenttesla-is-threatening-businesses-around-the-world-with-a-new-campaign/>
+
+
+### Table of Contents
+* [Samples (SHA-256)](#samples-sha-256)
+* [Network indicators](#network-indicators)
+
+## Samples (SHA-256)
+```
+ISO Attachment
+83fe51953a0fe44389e197244faf90afe8ee80101dc33cb294cf6ef710e5aaba
+
+AgentTesla Downloader Script
+76f707afa3d4b2678aa5af270ea9325de6f8fdc4badf7249418e785438f1b8da
+
+AgentTesla Injector
+eb455ffb1595d1a06fc850ebc49b270ae84dd609e7b52144a60bb45cf4c4eb0e
+```
+
+## Network indicators
+```
+FTP Exfiltration Server
+ftp.akmokykla.lt
+
+AgentTesla Download Servers
+assltextile.com/Su34M.jpg
+consult-mob.ro/M777.jpg
+handcosalon.com/Su57.jpg
+```

AgentTeslaISOCampaign/network.txt

@@ -0,0 +1,4 @@
+ftp.akmokykla.lt
+assltextile.com/Su34M.jpg
+consult-mob.ro/M777.jpg
+handcosalon.com/Su57.jpg

AgentTeslaISOCampaign/samples.md5

@@ -0,0 +1,3 @@
+540594cb9d666f26237e6c346a875e1a
+6664317aae5097b03ee282210c3d32b8
+c3dbb827394bed4ea054a4c50eedc161

AgentTeslaISOCampaign/samples.sha1

@@ -0,0 +1,3 @@
+f3f77f07de43e480a983448c61e53a160c1b6ada
+7e3f9c2f1ebc383fd7e057e6fa32f5cdc74502d5
+683c33b67d5f09add96a60a3dd998769309edb99

AgentTeslaISOCampaign/samples.sha256

@@ -0,0 +1,3 @@
+83fe51953a0fe44389e197244faf90afe8ee80101dc33cb294cf6ef710e5aaba
+76f707afa3d4b2678aa5af270ea9325de6f8fdc4badf7249418e785438f1b8da
+eb455ffb1595d1a06fc850ebc49b270ae84dd609e7b52144a60bb45cf4c4eb0e