
Rewterz Threat Alert – Agent Tesla Malware – Active IOCs

November 22, 2022

Severity

Medium

Analysis Summary

Agent Tesla is a widely used spyware Trojan built on the .NET framework. Since it first appeared in 2014 it has been distributed in many forms, most notably through phishing campaigns. Agent Tesla is known for stealing data from a variety of applications on the target workstation, including browsers, FTP clients, and file downloaders. It grabs data from the victim's clipboard, logs keystrokes, captures screenshots, and accesses the victim's webcam. It can terminate running analysis tools and anti-virus applications. To hide its capabilities and activity from researchers, the malware also runs simple checks to determine whether it is running in a virtual machine or being debugged.

Impact

  • Sensitive Data Theft
  • Credentials Theft

Indicators of Compromise

MD5

fcfd55601c5e5f3e17681ff1e638b6b6
24dfc631292f428f394c43bd10d6c902
492d1480cd57ec8fe0b4fd6f4125f9c8
e1c218e55cf799c882b06e85b442ba71

SHA-256

42593408bf4102a927dfcfba1d7d7652b5e55ef0ef76b3707b84adc024b0542a
3f82b2c34a7dde7bc17b631ce8c3a2005bbf42ea114029a06e26805aba75f271
386a6b6083a7df77274ef9fed5d825cbddc4cdcfd8ac8997bd17512de8c216da
b861c4b970f924a31c68e4b1dbab9d5d5fceb2424a13241488d5daf11d0b773f

SHA-1

573d2daa26f2fdce8b20862076f4ef4d1b150aff
617f7260b6a2f1bab595b4eb0c6cd10d264554bb
44a009e8d34ac22f657117ff414dbc43bbcbfd9d
2a22506028027c191b01ad4f73e8fc6d6b9b6ee9

Remediation

  • Block all threat indicators at your respective controls.
  • Search for IOCs in your environment.
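One way to carry out the "search for IOCs in your environment" step, as an added example that is not Rewterz's own tooling: it hashes every file under a directory and reports any file whose MD5, SHA-1 or SHA-256 matches the hashes listed above. The directory root and the IOC dictionary layout are assumptions of this example.

```python
import hashlib
import os
# Hashes copied from the IOC lists above, keyed by hashlib algorithm name (all lower-case).
AGENT_TESLA_IOCS = {
    "md5": {
        "fcfd55601c5e5f3e17681ff1e638b6b6",
        "24dfc631292f428f394c43bd10d6c902",
        "492d1480cd57ec8fe0b4fd6f4125f9c8",
        "e1c218e55cf799c882b06e85b442ba71",
    },
    "sha1": {
        "573d2daa26f2fdce8b20862076f4ef4d1b150aff",
        "617f7260b6a2f1bab595b4eb0c6cd10d264554bb",
        "44a009e8d34ac22f657117ff414dbc43bbcbfd9d",
        "2a22506028027c191b01ad4f73e8fc6d6b9b6ee9",
    },
    "sha256": {
        "42593408bf4102a927dfcfba1d7d7652b5e55ef0ef76b3707b84adc024b0542a",
        "3f82b2c34a7dde7bc17b631ce8c3a2005bbf42ea114029a06e26805aba75f271",
        "386a6b6083a7df77274ef9fed5d825cbddc4cdcfd8ac8997bd17512de8c216da",
        "b861c4b970f924a31c68e4b1dbab9d5d5fceb2424a13241488d5daf11d0b773f",
    },
}

def hash_file(path):
    """Return {algorithm: hexdigest} for one file, read in 1 MiB chunks so large files fit in memory."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def match_iocs(digests, iocs=AGENT_TESLA_IOCS):
    """Return the sorted algorithm names whose IOC set contains the file's digest ([] means no match)."""
    return sorted(name for name, value in digests.items() if value.lower() in iocs.get(name, ()))

def scan_tree(root, iocs=AGENT_TESLA_IOCS):
    """Walk root and return {path: [matched algorithms]} for every file that hits an IOC."""
    findings = {}
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                hits = match_iocs(hash_file(path), iocs)
            except OSError:
                continue  # locked or unreadable file; a real sweep should log this rather than skip silently
            if hits:
                findings[path] = hits
    return findings
```

A hash match is a high-confidence hit, but a miss is not a clean bill: repacked samples change every hash, so treat this as one check alongside your EDR and mail-gateway telemetry.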