Agent Tesla Indicators of Compromise (IOC) Feed

Sept. 18, 2024, 9 a.m.

Description

Agent Tesla is a .NET-based information stealer and keylogger that records keystrokes and takes screenshots on infected Windows hosts, harvests saved credentials from browsers, mail clients, FTP clients and other software, and can also act as a remote access tool. It exfiltrates the collected data over several channels, including email (SMTP), FTP, HTTP and Telegram, so that blocking a single channel does not stop the theft. First observed in 2014 and sold as malware-as-a-service, it has steadily gained evasion techniques and functionality. It is typically delivered through phishing emails carrying malicious attachments or links, often via intermediate droppers such as the documents and executables listed below, or through compromised websites. Its low cost and ease of customisation make it a common choice among cybercriminals.

Date

Published: Sept. 18, 2024, 8:32 a.m.

Created: Sept. 18, 2024, 8:32 a.m.

Modified: Sept. 18, 2024, 9 a.m.

Indicators

https://198.46.174.139/xampp/uhb/uh/wethkingwearereallyamazingtogetmebackwithnewthingstounderstandbetterthingsforyou___________________sheisgreattounderstandwearego.doc

https://198.46.174.139/55/winiti.exe

http://198.46.174.139/71/winiti.exe

http://nw.ax/8Kx

http://198.46.174.139/xampp/ezm/ez/somethinggreatwithmeentiretimegetmebackthingsgreatgoinggreatthignseverwewhichamazingthings___________reallygreatthingseverhappened.doc

http://198.46.174.139/55/winiti.exe

http://198.46.174.139/66077/winiti.exe

http://198.46.174.139/42/winiti.exe
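One way to consume this feed, as an added example that is not part of the original page: normalise the URL indicators above so that a match does not depend on the scheme (the feed lists /55/winiti.exe over both http and https), then sweep proxy log lines for exact URL matches and, at lower confidence, for any other request to a listed host. The proxy log lines and their format are constructed for illustration.

```python
"""Match the Agent Tesla URL indicators above against web proxy logs.

Added example, not part of the original feed.  The proxy log lines and
their format are constructed for illustration.
"""
import re
from urllib.parse import urlsplit

# URL indicators copied verbatim from the feed above.
FEED_URLS = [
    "https://198.46.174.139/xampp/uhb/uh/wethkingwearereallyamazingtogetmebackwithnewthingstounderstandbetterthingsforyou___________________sheisgreattounderstandwearego.doc",
    "https://198.46.174.139/55/winiti.exe",
    "http://198.46.174.139/71/winiti.exe",
    "http://nw.ax/8Kx",
    "http://198.46.174.139/xampp/ezm/ez/somethinggreatwithmeentiretimegetmebackthingsgreatgoinggreatthignseverwewhichamazingthings___________reallygreatthingseverhappened.doc",
    "http://198.46.174.139/55/winiti.exe",
    "http://198.46.174.139/66077/winiti.exe",
    "http://198.46.174.139/42/winiti.exe",
]


def normalise(url):
    """Return a scheme-insensitive (host, path) key for a URL.

    The same dropper is served over http and https from one host, and the
    feed lists /55/winiti.exe under both schemes, so matching on the full
    URL string would miss half the hits.  Hosts are case-insensitive and
    are lowercased; URL paths are case-sensitive and left untouched.
    """
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    return host, parts.path or "/"


def build_feed(urls=FEED_URLS):
    """Deduplicate the feed into a set of (host, path) keys plus the set of
    hosts, so that new paths on a known bad host can still be flagged."""
    keys = {normalise(u) for u in urls}
    hosts = {host for host, _ in keys}
    return keys, hosts


# Constructed proxy log lines: "<ts> <client_ip> <method> <url> <status> <user>".
SAMPLE_LOG = """\
2024-09-18T09:01:12Z 10.0.0.14 GET http://198.46.174.139/55/winiti.exe 200 usr=jdoe
2024-09-18T09:01:13Z 10.0.0.14 GET https://198.46.174.139/55/winiti.exe 200 usr=jdoe
2024-09-18T09:02:44Z 10.0.0.21 GET http://nw.ax/8Kx 302 usr=asmith
2024-09-18T09:03:05Z 10.0.0.21 GET http://198.46.174.139/99/other.exe 404 usr=asmith
2024-09-18T09:05:00Z 10.0.0.33 GET https://example.com/index.html 200 usr=bwong
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})"
)


def match_log(log_text, urls=FEED_URLS):
    """Return (timestamp, client, url, confidence) for every log line that
    hits the feed: 'exact' for a listed URL, 'host-only' for any other
    request to a listed host."""
    keys, hosts = build_feed(urls)
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line; a real pipeline would count these
        key = normalise(m["url"])
        if key in keys:
            hits.append((m["ts"], m["src"], m["url"], "exact"))
        elif key[0] in hosts:
            hits.append((m["ts"], m["src"], m["url"], "host-only"))
    return hits


if __name__ == "__main__":
    keys, hosts = build_feed()
    print(f"{len(FEED_URLS)} indicators, {len(keys)} unique after "
          f"normalisation, hosts: {sorted(hosts)}")
    for ts, src, url, conf in match_log(SAMPLE_LOG):
        print(f"{conf:9s} {ts} {src} {url}")
```

Host-only hits on 198.46.174.139 are worth keeping: the feed already shows the same winiti.exe payload staged under several numeric directories (/42, /55, /66077, /71), so a new directory on that host is more likely a fresh staging path than a false positive. The nw.ax entry is a URL shortener, so only the exact short link should be treated as an indicator, not the whole host.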

Attack Patterns

Agent Tesla - S0331

T1071.003 - Application Layer Protocol: Mail Protocols

T1204.001 - User Execution: Malicious Link

T1059.001 - Command and Scripting Interpreter: PowerShell

T1566.002 - Phishing: Spearphishing Link

T1555 - Credentials from Password Stores

T1113 - Screen Capture

T1071.001 - Application Layer Protocol: Web Protocols

T1566.001 - Phishing: Spearphishing Attachment

T1219 - Remote Access Software

T1027 - Obfuscated Files or Information

T1056 - Input Capture