otx.alienvault.com
13.224.193.120
Public Scan
URL: https://otx.alienvault.com/pulse/614c8b0439d5b0b66f92cbf7?source=email_notification
Submission: On September 23 via api from US — Scanned from DE
Form analysis
0 forms found in the DOM
Text Content
REMCOS AND AGENT TESLA LOADED INTO MEMORY WITH REZER0 LOADER
Created 33 minutes ago by AlienVault
Public
TLP: White
Subscribers (158705)

Telsy reports on a recent phishing campaign conducted against individuals in the Italian government and other companies. Said campaign installs either REMCOS or Agent Tesla in the victims' computers.

References: https://www.telsy.com/remcos-and-agent-tesla-loaded-into-memory-with-rezer0-loader/ , Cyber-Report-1-REMCOS-and-Agent-Tesla-loaded-into-memory-with-Rezer0-loader.pdf
Tags: agent tesla, remcos, ReZer0
Industries: Government, Banking
Malware Families: Agent Tesla, Remcos, ReZer0
Att&ck IDs:
* T1115 - Clipboard Data
* T1566 - Phishing
* T1137.001 - Office Template Macros
* T1056.001 - Keylogging
* T1056 - Input Capture
* T1001 - Data Obfuscation
* T1140 - Deobfuscate/Decode Files or Information
* T1407 - Download New Code at Runtime
* T1497 - Virtualization/Sandbox Evasion
* T1053 - Scheduled Task/Job
* T1562 - Impair Defenses
* T1089 - Disabling Security Tools
Indicators of Compromise (46): FileHash-MD5 (11), URL (3), FileHash-SHA1 (21), FileHash-SHA256 (11)
Related Pulses (2)
Comments (0)