November 22, 2022
Severity
Medium
Analysis Summary
Agent Tesla is a widely used spyware Trojan built on the .NET framework. Since it first appeared in 2014 it has been distributed in many forms, most often through phishing campaigns. Agent Tesla is known for stealing saved data from a range of applications on the infected workstation, including web browsers, FTP clients, and file-download utilities. It also collects the contents of the victim's clipboard, logs keystrokes, captures screenshots, and can access the victim's webcam. It is able to terminate running analysis tools and anti-virus applications. To hide its capabilities and activity from researchers, the malware also performs simple checks to determine whether it is running inside a virtual machine or under a debugger.
Impact
- Sensitive Data Theft
- Credentials Theft
Indicators of Compromise
MD5
fcfd55601c5e5f3e17681ff1e638b6b6
24dfc631292f428f394c43bd10d6c902
492d1480cd57ec8fe0b4fd6f4125f9c8
e1c218e55cf799c882b06e85b442ba71
SHA-256
42593408bf4102a927dfcfba1d7d7652b5e55ef0ef76b3707b84adc024b0542a
3f82b2c34a7dde7bc17b631ce8c3a2005bbf42ea114029a06e26805aba75f271
386a6b6083a7df77274ef9fed5d825cbddc4cdcfd8ac8997bd17512de8c216da
b861c4b970f924a31c68e4b1dbab9d5d5fceb2424a13241488d5daf11d0b773f
SHA-1
573d2daa26f2fdce8b20862076f4ef4d1b150aff
617f7260b6a2f1bab595b4eb0c6cd10d264554bb
44a009e8d34ac22f657117ff414dbc43bbcbfd9d
2a22506028027c191b01ad4f73e8fc6d6b9b6ee9
Remediation
- Block all threat indicators at your respective controls (endpoint protection, email and web gateways, proxy and firewall).
- Search for the IOCs in your environment, including file hashes on endpoints and in file-transfer, mail and proxy logs.
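The following is an added example, not part of the Rewterz alert, showing one way to carry out the "search for IOCs" step: it embeds the MD5, SHA-1 and SHA-256 values listed above, hashes every readable file under a directory in a single pass, and reports any file whose digest matches. The function names (`hash_file`, `match_hashes`, `scan_directory`) and the directory being scanned are assumptions for illustration.

```python
import hashlib
import os
from typing import Dict, List, Set, Tuple

# Hash IOCs taken from this alert, keyed by algorithm (lower-case hex).
IOCS: Dict[str, Set[str]] = {
    "md5": {
        "fcfd55601c5e5f3e17681ff1e638b6b6",
        "24dfc631292f428f394c43bd10d6c902",
        "492d1480cd57ec8fe0b4fd6f4125f9c8",
        "e1c218e55cf799c882b06e85b442ba71",
    },
    "sha1": {
        "573d2daa26f2fdce8b20862076f4ef4d1b150aff",
        "617f7260b6a2f1bab595b4eb0c6cd10d264554bb",
        "44a009e8d34ac22f657117ff414dbc43bbcbfd9d",
        "2a22506028027c191b01ad4f73e8fc6d6b9b6ee9",
    },
    "sha256": {
        "42593408bf4102a927dfcfba1d7d7652b5e55ef0ef76b3707b84adc024b0542a",
        "3f82b2c34a7dde7bc17b631ce8c3a2005bbf42ea114029a06e26805aba75f271",
        "386a6b6083a7df77274ef9fed5d825cbddc4cdcfd8ac8997bd17512de8c216da",
        "b861c4b970f924a31c68e4b1dbab9d5d5fceb2424a13241488d5daf11d0b773f",
    },
}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Return MD5, SHA-1 and SHA-256 hex digests of an in-memory byte string."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Compute all three digests of a file in one pass, reading in 1 MiB chunks
    so large files do not have to be loaded into memory."""
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def match_hashes(hashes: Dict[str, str], iocs: Dict[str, Set[str]] = IOCS) -> List[str]:
    """Return the algorithms (e.g. ["sha256"]) under which the digests hit an IOC."""
    return [algo for algo, value in hashes.items() if value.lower() in iocs.get(algo, set())]


def scan_directory(root: str, iocs: Dict[str, Set[str]] = IOCS) -> List[Tuple[str, str, str]]:
    """Walk `root` recursively and return (path, algorithm, digest) for every
    file that matches an IOC. Unreadable files (locked, permission denied,
    special files) are skipped rather than aborting the scan."""
    hits: List[Tuple[str, str, str]] = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                hashes = hash_file(path)
            except OSError:
                continue
            for algo in match_hashes(hashes, iocs):
                hits.append((path, algo, hashes[algo]))
    return hits


if __name__ == "__main__":
    import sys

    # Usage: python scan_iocs.py /path/to/scan   (defaults to the current directory)
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, algo, digest in scan_directory(target):
        print(f"MATCH {algo} {digest} {path}")
```

A hash match is exact-sample detection only: a repacked or rebuilt Agent Tesla dropper will have different digests, so treat a clean scan as "these specific samples are absent", not as proof the host is uninfected. Pair it with behavioural detection (credential store access, keylogging, outbound SMTP/FTP/Telegram exfiltration) and the network indicators your controls already carry.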