- THREAT ATTRIBUTION: AGENT TESLA
- SUBJECTS OBSERVED
  - INQUIRY RFQ No3756368 Norma Pacific Pty Ltd
- SENDERS OBSERVED
  - manager@alwefaq.com.ly
- MALDOC FILE HASHES
  - inquiry RFQ No3756368.xlsx
  - 288366c7e10c7efde9c800337ad0791c
- AGENT TESLA PAYLOAD DOWNLOAD URLS
  - http://192.3.13.125/god/ongod.exe
- AGENT TESLA PAYLOAD FILE HASHES
  - ongod.exe
  - 2254a05b64b7f1b84739aa01888e1d0d
  - Renamed to:
  - vbc.exe
  - 2254a05b64b7f1b84739aa01888e1d0d
- AGENT TESLA ESMTP DESTINATION
  - https://208.91.198.143:587
  - us2.outbound.mailhostbox.com
- EXFILTRATION INFORMATION
  - Sender: razilogs@razilogs.com
  - Password: PAPARAZI3116
- SUPPORTING EVIDENCE
  - https://urlhaus.abuse.ch/url/1505248/
  - https://www.virustotal.com/gui/file/d31a1d9e7d79728f0fd4a581a9f98fd54b9f468aa3fc17fc436e52a13dc92124/detection
  - https://www.virustotal.com/gui/file/66eee5b2f2d5356fc7e5aaf37b28536b36c8c13158e80972b6404bf3218e9574/detection