Agent Tesla Indicators of Compromise (IOC) Feed
Sept. 18, 2024, 9 a.m.
Description
Agent Tesla is a .NET-based information stealer that functions primarily as a keylogger, capturing usernames, passwords and other keystrokes from infected Windows hosts. It can also take screenshots, harvest stored credentials from browsers, mail clients and other software, and act as a remote access tool. It exfiltrates collected data over several channels, including FTP, SMTP email and the Telegram bot API; because these are ordinary outbound protocols, the exfiltration traffic often blends in with legitimate mail and web activity. First identified around 2014, Agent Tesla has evolved to add functionality and better evade detection. It is typically delivered through phishing emails with malicious attachments or links, or from compromised websites. Its ease of customization and adaptability make it a popular choice among cybercriminals, and it remains a significant threat.
Date
Published: Sept. 18, 2024, 8:32 a.m.
Created: Sept. 18, 2024, 8:32 a.m.
Modified: Sept. 18, 2024, 9 a.m.
Indicators
198.46.174.139
https://198.46.174.139/xampp/uhb/uh/wethkingwearereallyamazingtogetmebackwithnewthingstounderstandbetterthingsforyou___________________sheisgreattounderstandwearego.doc
https://198.46.174.139/55/winiti.exe
http://198.46.174.139/71/winiti.exe
http://nw.ax/8Kx
http://198.46.174.139/xampp/ezm/ez/somethinggreatwithmeentiretimegetmebackthingsgreatgoinggreatthignseverwewhichamazingthings___________reallygreatthingseverhappened.doc
http://198.46.174.139/55/winiti.exe
http://198.46.174.139/66077/winiti.exe
http://198.46.174.139/42/winiti.exe
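Added here as a worked example, not part of the feed: a script that loads the indicators listed above, collapses the http:// and https:// copies of the same URL into one key, and matches the result against a few constructed web-proxy log lines. The log line format, the client addresses and the `/<digits>/winiti.exe` path heuristic are assumptions; the heuristic is inferred from the shape of the payload URLs in this feed, not something the feed itself states.

```python
"""Match proxy log lines against the Agent Tesla indicators on this page."""
import ipaddress
import re
from urllib.parse import urlsplit

# Indicators exactly as listed in the feed above (one IP, eight URLs).
FEED_INDICATORS = [
    "198.46.174.139",
    "https://198.46.174.139/xampp/uhb/uh/wethkingwearereallyamazingtogetmebackwithnewthingstounderstandbetterthingsforyou___________________sheisgreattounderstandwearego.doc",
    "https://198.46.174.139/55/winiti.exe",
    "http://198.46.174.139/71/winiti.exe",
    "http://nw.ax/8Kx",
    "http://198.46.174.139/xampp/ezm/ez/somethinggreatwithmeentiretimegetmebackthingsgreatgoinggreatthignseverwewhichamazingthings___________reallygreatthingseverhappened.doc",
    "http://198.46.174.139/55/winiti.exe",
    "http://198.46.174.139/66077/winiti.exe",
    "http://198.46.174.139/42/winiti.exe",
]

# Assumption derived from this feed: every executable payload URL has the
# form /<digits>/winiti.exe. Catches sibling paths the feed does not list.
PAYLOAD_PATH_RE = re.compile(r"^/\d+/winiti\.exe$", re.IGNORECASE)

# Assumed log format: "<timestamp> <client_ip> <method> <url> <status>".
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def normalize_url(url):
    """Return (host, path): scheme dropped, host lowercased, query kept.
    The http:// and https:// variants of one URL map to the same key."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower()
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    return host, path


def load_iocs(indicators):
    """Split a flat indicator list into IP, host and (host, path) URL sets."""
    iocs = {"ips": set(), "hosts": set(), "urls": set()}
    for raw in indicators:
        value = raw.strip()
        if not value:
            continue
        try:
            iocs["ips"].add(str(ipaddress.ip_address(value)))
            continue
        except ValueError:
            pass  # not a bare IP, treat it as a URL
        host, path = normalize_url(value)
        iocs["hosts"].add(host)
        iocs["urls"].add((host, path))
    return iocs


def match_line(line, iocs):
    """Return (category, value) hits for one log line, strongest first:
    exact URL, then IP or host, then the payload-path heuristic."""
    m = LOG_RE.match(line.strip())
    if not m:
        return []
    host, path = normalize_url(m.group("url"))
    hits = []
    if (host, path) in iocs["urls"]:
        hits.append(("url", host + path))
    if host in iocs["ips"]:
        hits.append(("ip", host))
    elif host in iocs["hosts"]:
        hits.append(("host", host))
    if PAYLOAD_PATH_RE.match(path):
        hits.append(("path-pattern", path))
    return hits


def scan(lines, iocs):
    """Return [(client_ip, url, hits)] for every line with at least one hit."""
    results = []
    for line in lines:
        hits = match_line(line, iocs)
        if hits:
            m = LOG_RE.match(line.strip())
            results.append((m.group("client"), m.group("url"), hits))
    return results


# Constructed sample log: the second line is a path the feed does not list,
# the third is the payload name on an unrelated host, the last is benign.
SAMPLE_LOG = """\
2024-09-18T09:01:02Z 10.0.0.5 GET http://198.46.174.139/42/winiti.exe 200
2024-09-18T09:01:30Z 10.0.0.7 GET http://198.46.174.139/9001/winiti.exe 200
2024-09-18T09:02:00Z 10.0.0.9 GET https://cdn.example.net/55/winiti.exe 200
2024-09-18T09:02:15Z 10.0.0.9 GET http://nw.ax/8Kx 302
2024-09-18T09:03:00Z 10.0.0.11 GET https://www.example.org/index.html 200
""".splitlines()

if __name__ == "__main__":
    for client, url, hits in scan(SAMPLE_LOG, load_iocs(FEED_INDICATORS)):
        print(client, url, hits)
```

Exact-URL matching alone would miss the `/9001/winiti.exe` request; the IP match plus the path heuristic still flags it. An IP hit on its own is weaker evidence than a URL hit, since a server can host unrelated content, so treat the combination of host and path as the strong signal and review bare-IP hits against the request path.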
Attack Patterns
Agent Tesla (MITRE ATT&CK software S0331)
T1071.003 Application Layer Protocol: Mail Protocols
T1204.001 User Execution: Malicious Link
T1059.001 Command and Scripting Interpreter: PowerShell
T1566.002 Phishing: Spearphishing Link
T1555 Credentials from Password Stores
T1113 Screen Capture
T1071.001 Application Layer Protocol: Web Protocols
T1566.001 Phishing: Spearphishing Attachment
T1219 Remote Access Software
T1027 Obfuscated Files or Information
T1056 Input Capture