Old dog, new tricks - Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox
Common Information
Type Value
UUID b99b5656-c423-4984-a1ef-1ede9a8f2e3d
Fingerprint ac14094028be8aa7
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 15, 2018, noon
Added to db Sept. 26, 2022, 9:32 a.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline Vulnerability Information
Title Old dog, new tricks - Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox
Detected Hints/Tags/Attributes 69/1/43
Attributes
Type #Events CTI Value
CVE 269 cve-2017-0199
CVE 375 cve-2017-11882
Domain 7 agile.net
Domain 1 avast.dongguanmolds.com
Domain 1 avast.aandagroupbd.website
Domain 7 alphastand.top
Domain 9 alphastand.trade
Domain 9 alphastand.win
Domain 12 kbfvzoboss.bid
Domain 1 logs.biznetviigator.com
File 323 winword.exe
File 57 eqnedt32.exe
File 17 scvhost.exe
File 1122 svchost.exe
File 1 3027748749.rtf
File 748 kernel32.dll
File 1 xyz123.exe
File 1 xs.dll
File 1 proforma_invoice_amc18.docx
File 1 proforma_invoice_amc19.docx
File 1 hsbc8117695310.doc
File 82 fre.php
IPv4 1 46.166.133.164
Url 1 http://avast.dongguanmolds.com
Url 1 http://46.166.133.164/0x22/fre.php
Url 5 http://alphastand.top/alien/fre.php
Url 5 http://alphastand.trade/alien/fre.php
Url 5 http://alphastand.win/alien/fre.php
Url 5 http://kbfvzoboss.bid/alien/fre.php
Url 1 http://logs.biznetviigator.com/0x22/fre.php