Agent Tesla Indicators of Compromise (IOC) Feed
Sept. 18, 2024, 9 a.m.
Description
Agent Tesla is a sophisticated malware functioning primarily as a keylogger, capable of capturing sensitive data like usernames and passwords from infected computers. It can also take screenshots, extract credentials from various software, and act as a remote access tool. The malware's versatility allows it to exfiltrate data through multiple channels, including FTP, email, and Telegram, making it particularly effective at bypassing standard security measures. First identified around 2014, Agent Tesla has evolved to become more adept at evading detection and expanding its functionality. It is typically spread through phishing emails, malicious attachments, or compromised websites. Its ease of customization and adaptability make it a preferred choice among cybercriminals, posing a significant threat to cybersecurity.
Tags
Date
- Created: Sept. 18, 2024, 8:32 a.m.
- Published: Sept. 18, 2024, 8:32 a.m.
- Modified: Sept. 18, 2024, 9 a.m.
Indicators
- 198.46.174.139
- https://198.46.174.139/xampp/uhb/uh/wethkingwearereallyamazingtogetmebackwithnewthingstounderstandbetterthingsforyou___________________sheisgreattounderstandwearego.doc
- https://198.46.174.139/55/winiti.exe
- http://198.46.174.139/71/winiti.exe
- http://nw.ax/8Kx
- http://198.46.174.139/xampp/ezm/ez/somethinggreatwithmeentiretimegetmebackthingsgreatgoinggreatthignseverwewhichamazingthings___________reallygreatthingseverhappened.doc
- http://198.46.174.139/55/winiti.exe
- http://198.46.174.139/66077/winiti.exe
- http://198.46.174.139/42/winiti.exe
Attack Patterns
- Agent Tesla - S0331
- Agent Tesla
- T1071.003
- T1204.001
- T1059.001
- T1566.002
- T1555
- T1113
- T1071.001
- T1566.001
- T1219
- T1027
- T1056