mirror of https://github.com/avast/ioc
IoCs for Agent Tesla ISO Email campaign
parent
93121f621b
commit
8fb4e0077e
|
@ -0,0 +1,31 @@
|
|||
# IoC from Operation Dragon Castling
|
||||
|
||||
Malware analysis and more technical information at <https://decoded.avast.io/pavelnovak/agenttesla-is-threatening-businesses-around-the-world-with-a-new-campaign/>
|
||||
|
||||
|
||||
### Table of Contents
|
||||
* [Samples (SHA-256)](#samples-sha-256)
|
||||
* [Network indicators](#network-indicators)
|
||||
|
||||
## Samples (SHA-256)
|
||||
```
|
||||
ISO Attachment
|
||||
83fe51953a0fe44389e197244faf90afe8ee80101dc33cb294cf6ef710e5aaba
|
||||
|
||||
AgentTesla Downloader Script
|
||||
76f707afa3d4b2678aa5af270ea9325de6f8fdc4badf7249418e785438f1b8da
|
||||
|
||||
AgentTesla Injector
|
||||
eb455ffb1595d1a06fc850ebc49b270ae84dd609e7b52144a60bb45cf4c4eb0e
|
||||
```
|
||||
|
||||
## Network indicators
|
||||
```
|
||||
FTP Exfiltration Server
|
||||
ftp.akmokykla.lt
|
||||
|
||||
AgentTesla Download Servers
|
||||
assltextile.com/Su34M.jpg
|
||||
consult-mob.ro/M777.jpg
|
||||
handcosalon.com/Su57.jpg
|
||||
```
|
|
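Review bot: The top-level heading added in this README, "# IoC from Operation Dragon Castling", does not match the commit subject ("IoCs for Agent Tesla ISO Email campaign") or the Agent Tesla write-up linked directly beneath it, so it reads as carried over from another campaign's README. Suggest renaming the heading to name the Agent Tesla ISO email campaign, so that anyone who lands on this file from a hash or domain search attributes the indicators to the right activity.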
@ -0,0 +1,4 @@
|
|||
ftp.akmokykla.lt
|
||||
assltextile.com/Su34M.jpg
|
||||
consult-mob.ro/M777.jpg
|
||||
handcosalon.com/Su57.jpg
|
|
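Review bot: This four-line indicator file mixes two kinds of entry with no marker to tell them apart: the first line is a bare hostname (ftp.akmokykla.lt) and the other three are host-plus-path values with no scheme. A consumer that loads the file as a domain blocklist will mis-handle the three path entries, and one that loads it as a URL list will mis-handle the hostname. The roles are also lost, since the "FTP Exfiltration Server" and "AgentTesla Download Servers" labels appear only in the README. Suggest either splitting hosts and URLs into separate files or stating the entry format and the expected scheme in the README.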
@ -0,0 +1,3 @@
|
|||
540594cb9d666f26237e6c346a875e1a
|
||||
6664317aae5097b03ee282210c3d32b8
|
||||
c3dbb827394bed4ea054a4c50eedc161
|
|
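Review bot: The three 32-hex-character values in this file carry no label, and nothing in the change states which one belongs to the ISO attachment, the downloader script or the injector named in the README. A reader can only assume the order matches the README's SHA-256 list. The same applies to the 40-character list in the next file. Suggest documenting in the README that all hash files follow the same sample order, or listing the three hash types side by side per sample there.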
@ -0,0 +1,3 @@
|
|||
f3f77f07de43e480a983448c61e53a160c1b6ada
|
||||
7e3f9c2f1ebc383fd7e057e6fa32f5cdc74502d5
|
||||
683c33b67d5f09add96a60a3dd998769309edb99
|
|
@ -0,0 +1,3 @@
|
|||
83fe51953a0fe44389e197244faf90afe8ee80101dc33cb294cf6ef710e5aaba
|
||||
76f707afa3d4b2678aa5af270ea9325de6f8fdc4badf7249418e785438f1b8da
|
||||
eb455ffb1595d1a06fc850ebc49b270ae84dd609e7b52144a60bb45cf4c4eb0e
|