2021-08-04 Agent Tesla IOCs

1. THREAT ATTRIBUTION: AGENT TESLA
2.  
3. SUBJECTS OBSERVED
4. INQUIRY RFQ No3756368 Norma Pacific Pty Ltd
5.  
6. SENDERS OBSERVED
7. [email protected]
8.  
9. MALDOC FILE HASHES
10. inquiry RFQ No3756368.xlsx
11. 288366c7e10c7efde9c800337ad0791c
12.  
13. AGENT TESLA PAYLOAD DOWNLOAD URLS
14. http://192.3.13.125/god/ongod.exe
15.  
16. AGENT TESLA PAYLOAD FILE HASHES
17. ongod.exe
18. 2254a05b64b7f1b84739aa01888e1d0d
19.  
20. Renamed to:
21. vbc.exe
22. 2254a05b64b7f1b84739aa01888e1d0d
23.  
24. AGENT TESLA ESMTP DESTINATION
25. https://208.91.198.143:587
26. us2.outbound.mailhostbox.com
27.  
28. EXFILTRATION INFORMATION
29. Sender: [email protected]
30. Password: PAPARAZI3116
31.  
32. SUPPORTING EVIDENCE
33. https://urlhaus.abuse.ch/url/1505248/
34. https://www.virustotal.com/gui/file/d31a1d9e7d79728f0fd4a581a9f98fd54b9f468aa3fc17fc436e52a13dc92124/detection
35. https://www.virustotal.com/gui/file/66eee5b2f2d5356fc7e5aaf37b28536b36c8c13158e80972b6404bf3218e9574/detection
36.  
37.