ioc[.]one - OSINT Cyber Threat Intelligence Database

Threat Thursday: Agent Tesla Infostealer

Tags

cmtmf-attack-pattern:	Code Injection
country:	Russia U.S. Virgin Islands
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Code Injection - T1540 Credentials - T1589.001 Domains - T1583.001 Domains - T1584.001 Email Account - T1087.003 Email Accounts - T1585.002 Email Accounts - T1586.002 Email Addresses - T1589.002 Keylogging - T1056.001 Keylogging - T1417.001 Malware - T1587.001 Malware - T1588.001 Process Hollowing - T1055.012 Screen Capture - T1513 Server - T1583.004 Server - T1584.004 Software - T1592.002 Ssh - T1021.004 Steganography - T1001.002 Steganography - T1406.001 Steganography - T1027.003 Tool - T1588.002 Connection Proxy - T1090 Graphical User Interface - T1061 Process Hollowing - T1093 Screen Capture - T1113 Graphical User Interface Screen Capture

Show in Graph

Common Information

Type	Value
UUID	39166bcc-26f7-4d3f-8108-6e9243fa9355
Fingerprint	8e1c0f5a813236ae
Analysis status	DONE
Considered CTI value	1
Text language
Published	June 24, 2021, 4:01 a.m.
Added to db	Sept. 11, 2022, 12:46 p.m.
Last updated	Nov. 17, 2024, 6:30 p.m.
Headline	Threat Thursday: Agent Tesla Infostealer
Title	Threat Thursday: Agent Tesla Infostealer
Detected Hints/Tags/Attributes	116/4/15

Source URLs

	Redirection	Url
Details	Source	https://blogs.blackberry.com/en/2021/06/threat-thursday-agent-tesla-infostealer-malware

URL Provider

Details	Provider	Source level domain
Details	blackberry.com	blogs.blackberry.com

Attributes

Details	Type	#Events	CTI	Value
Details	Domain	3		agenttesla.com
Details	Domain	56		vb.net
Details	Domain	129		api.ipify.org
Details	Domain	1		mail.rakub.org
Details	Domain	37		www.blackberry.com
Details	File	72		regsvcs.exe
Details	File	1		regsvc.exe
Details	File	1		avrzbm.exe
Details	File	1		'regsvc.exe
Details	File	1		'avzbm.exe
Details	File	68		mscoree.dll
Details	File	1		%avrzbm.exe
Details	md5	22		f34d5f2d4577ed6d9ceec516c1f5a744
Details	Url	17		https://www.blackberry.com/us/en/forms/cylance/handraiser/emergency-incident-response-containment
Details	Windows Registry Key	582		HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run