Fake Purchase Order Used to Deliver Agent Tesla | FortiGuard Labs
Tags
cmtmf-attack-pattern: Application Layer Protocol Boot Or Logon Autostart Execution Command And Scripting Interpreter Masquerading Process Injection Stage Capabilities
country: Ukraine United States Of America
maec-delivery-vectors: Watering Hole
attack-pattern: Data Application Layer Protocol - T1437 Boot Or Logon Autostart Execution - T1547 Command And Scripting Interpreter - T1623 Control Panel - T1218.002 Credentials - T1589.001 Credentials From Password Stores - T1555 Credentials From Web Browsers - T1555.003 Credentials From Web Browsers - T1503 Input Capture - T1417 Keylogging - T1056.001 Keylogging - T1417.001 Malicious File - T1204.002 Malware - T1587.001 Malware - T1588.001 Masquerading - T1655 Phishing - T1660 Phishing - T1566 Portable Executable Injection - T1055.002 Powershell - T1059.001 Process Injection - T1631 Reflective Code Loading - T1620 Registry Run Keys / Startup Folder - T1547.001 Scheduled Task - T1053.005 Server - T1583.004 Server - T1584.004 Spearphishing Attachment - T1566.001 Spearphishing Attachment - T1598.002 Stage Capabilities - T1608 Visual Basic - T1059.005 Web Protocols - T1071.001 Web Protocols - T1437.001 Vulnerabilities - T1588.006 Upload Malware - T1608.001 Account Discovery - T1087 Standard Application Layer Protocol - T1071 Command-Line Interface - T1059 Input Capture - T1056 Masquerading - T1036 Powershell - T1086 Process Injection - T1055 Registry Run Keys / Start Folder - T1060 Scheduled Task - T1053 Spearphishing Attachment - T1193 User Execution - T1204 Masquerading Spearphishing Attachment User Execution
Common Information
Type Value
UUID fc1c7c55-98e5-4a9d-ab4c-1b5610bf9de7
Fingerprint 645cad5aea268ce2
Analysis status DONE
Considered CTI value 2
Text language
Published March 7, 2022, midnight
Added to db Sept. 11, 2022, 12:43 p.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Fake Purchase Order Used to Deliver Agent Tesla
Title Fake Purchase Order Used to Deliver Agent Tesla | FortiGuard Labs
Detected Hints/Tags/Attributes 88/4/128
Attributes
Details Type #Events CTI Value
Details CVE 1
cve-2020-10786
Details CVE 1
cve-2020-10787
Details Domain 1
slot0.warongsoto.com
Details Domain 317
bit.ly
Details Domain 7
www.bitly.com
Details Domain 1
download2261.mediafire.com
Details Domain 30
www.mediafire.com
Details Domain 1
warongsoto.com
Details IPv4 1
194.99.46.38
Details IPv4 3
192.154.226.47
Details MITRE ATT&CK Techniques 49
T1608.001
Details MITRE ATT&CK Techniques 310
T1566.001
Details MITRE ATT&CK Techniques 460
T1059.001
Details MITRE ATT&CK Techniques 365
T1204.002
Details MITRE ATT&CK Techniques 380
T1547.001
Details MITRE ATT&CK Techniques 40
T1055.002
Details MITRE ATT&CK Techniques 91
T1620
Details MITRE ATT&CK Techniques 125
T1555.003
Details MITRE ATT&CK Techniques 118
T1056.001
Details MITRE ATT&CK Techniques 179
T1087
Details MITRE ATT&CK Techniques 442
T1071.001