CVE-2017-11882 To Deliver Agent Tesla [Wednesday, January 03, 2024]


Description :
First observed in 2014, Agent Tesla is a .NET information stealer and keylogger with features such as keystroke logging, clipboard logging, screen capture, and extraction of credentials stored by web browsers and other client applications. Zscaler ThreatLabz recently detected a campaign in which threat actors use malicious XLAM (Excel add-in) files that exploit CVE-2017-11882, the memory-corruption vulnerability in the Microsoft Office Equation Editor component, to deliver Agent Tesla to users running unpatched versions of Microsoft Office. The indicators below (download IPs, payload URLs and SHA-256 hashes) come from that campaign.

Published: 2024-01-03 16:51:57
Created: 2024-01-03 16:51:57
Modified: 2024-01-03 17:20:33

Indicators

IPv4s :
  • 193.42.33.51
  • 79.110.48.52
URLs :
  • http://79.110.48.52/nix.txt
  • http://193.42.33.51/knog.txt
  • http://79.110.48.52/nicko.vbs
Hashes :
  • 5944d934a0233b9c30cfa0b20afe86a09e6afa67030daad7d8c1f0534a9d629e
  • 74dd5df1dac36bb348452e5d084f1a10c692e1bad2b1491cc41c2980a002d8af
  • d6369d763d29a8b60c9cb16966ca213d6c1fbfc9cf97d96aa4f6c97fa324abe2
  • d0a1a4d065d7614fac58c3e4ed5f52e8889372a2d6c3d5bfa5c291cc1f990100
  • 7988501f67d983c87769531838a8554a2fa186c3bb5ea76b9b697491c81ed7a0
  • 4894c3f698e1101a02c7af04e0fd81e36a0d91c0ce7c7003234e7bc18906f024
  • f8847e6cfa9d58ce821bca8d28dffabf0217bee958a71d1b1bcffbc44a48487d
  • b7ff72b60c763c4f62ea0b572f261c5d87bd55f4b33903150ebd08b339fc72da
  • 1bead1d425196aa29d74a07fca9519db1e42242ad63e7a157979b83ee1722980
  • 5bd807ee6e5be63484adb9329a8143f44b7d09a15bb6b878912b3749bd371fd6
  • 6d905511eb7f3672603bc86b2589df6c7b7a24a208e78cf6aa5a82501c3796cd
  • d8268bed755a9098351b3acfbfca2096882c89ae5517621d34580b4de8ee6120
  • f46d02a1a66fb46ef0d0fbeae13167d87329b22751868091fd7db732e509e914
  • 51f3c279d3fa8690b49d1bd6b370ec18d055fcb10aa3cd83957afb1f7fd911f3
  • 113e16425e010952150f3c1f7ae615602cd4ca30826b0e7518aa058341058a94
  • 63b53c9f93e262d689fd45a2e2117e374e5ea602d27a9cb2e8d10b289a4d46d5
  • b23d109a78e598eeec4375e08760c8e0ae961bdc117587e4e3f85c8c4058b842
  • e03449995cd2b68758a3e44534fdb50f13070e743c9bd1e0d3b1f715c7e26e65
  • 3c8af2392b872632e0090fa002ec74852697b8cfbfeccf6f238eb175d56aed14
  • a2061a6a280485cb336a308d9906096b1417268aecce7d580e68049bcb59f18c
  • ea692e0b71d678d18c157a5980625e75f9060c97f9209a562691ebf92f726e84
  • 29dae9996c81b0782866306c0faf4811226881061265b1c209a8ba02817c8892
  • 3192d349187fb4f6cea676911f919ecc13e5b33db328d14ae7bddc0c9570ad8e
  • 1acf61ab5912011c1e3bed1fc4bca2b17f1d9098245976415e2d8d40ee3e472e
  • a0dd51a53c5fa0242e06b68f39fa55d9b21b703c5014098ce5a1889e41c3d357
  • 39eeda113ece91266296dfc3b9d00a6740bee7b0e695c277e49fa1966b8dfda9
  • 10e510fbc242542d046a32efbdde7501b3c4f12211b77649b701769175687f63
  • 0ee09ee5a382f01dfb53c94676b9c5676b1b82be91f46b6a2ffc1996c321a994
  • 39e68b3555c03c108a8dc3f9373a2031ba20ce5e0adc492ab3b2d2e5d3150d86
  • 437c9a84221317873865c1a2e61fcb6011dafff7afb646c482dfefb400da0186
  • 411ff6f1702fc4c00c095688a3e3e7bc2a495bea2b50debc326d76ed9dcfec20
  • 4a793a9dfa5fac79c6e6b8f1d36e8719cc8f2849849259f364ee8e4af08d9613
  • b2046015aca079fe04a94f5aa2573c1ba678469c920a52cfe784547771a0b0ce
  • 02a837d139709853b2ab7c3f1c55802c880fd133b731cfb2a15830230c5babd2
  • 6c006e3c02417e43c43c66bf5e986a64b2bdced8cf62912e5d6e1de16ed90452
  • 6900e4e68cea5bf65ebd1d817d9408351539a8b152c80f88d70d6ff04479782e
  • 3c1779c16357cb3d3ffdc0d66009f8fc0df7c618d189623f315e53887c11a453
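The following is an added example, not code from the original report or from Zscaler ThreatLabz: a small Python sweep that loads the indicators above (both IPs, all three URLs and three of the SHA-256 hashes) and checks them against a constructed proxy log and a constructed file-hash manifest. The log layout ("timestamp client dst_ip url") is hypothetical, chosen only for the demonstration; a real sweep would load the full hash list from the report and adapt the regex to the proxy product in use. It normalises URL scheme and host before matching, compares hashes case-insensitively, and records separately whether a line matched on destination IP, on exact URL, or both, so that a request to a listed host for an unlisted path (a common sign of a rotated payload name) still surfaces.

```python
"""Sweep constructed proxy logs and a file-hash manifest for the indicators
in this report. Added example, not part of the original page."""
import hashlib
import ipaddress
import re
from urllib.parse import urlparse

# Indicators copied from the report above (IPs, URLs and a sample of the hashes).
IOC_IPS = {"193.42.33.51", "79.110.48.52"}
IOC_URLS = {
    "http://79.110.48.52/nix.txt",
    "http://193.42.33.51/knog.txt",
    "http://79.110.48.52/nicko.vbs",
}
IOC_SHA256 = {
    "5944d934a0233b9c30cfa0b20afe86a09e6afa67030daad7d8c1f0534a9d629e",
    "74dd5df1dac36bb348452e5d084f1a10c692e1bad2b1491cc41c2980a002d8af",
    "d6369d763d29a8b60c9cb16966ca213d6c1fbfc9cf97d96aa4f6c97fa324abe2",
}

# Constructed sample log in a hypothetical "timestamp client dst_ip url" layout.
# Line 2 hits on IP and URL; line 3 hits on IP only (path case differs, and web
# server paths are case-sensitive); line 4 hits on IP only (unlisted path).
SAMPLE_PROXY_LOG = """\
2024-01-03T10:01:12Z 10.0.0.15 142.250.72.14 https://www.example.com/
2024-01-03T10:02:45Z 10.0.0.23 79.110.48.52 http://79.110.48.52/nicko.vbs
2024-01-03T10:03:01Z 10.0.0.23 193.42.33.51 http://193.42.33.51/KNOG.txt
2024-01-03T10:04:19Z 10.0.0.42 79.110.48.52 http://79.110.48.52/other.txt
"""

LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def normalise_url(url: str) -> str:
    """Lower-case scheme and host, drop default ports and fragments, keep path case."""
    p = urlparse(url.strip())
    host = p.hostname or ""
    port = f":{p.port}" if p.port and p.port not in (80, 443) else ""
    return f"{p.scheme.lower()}://{host}{port}{p.path}"


def scan_proxy_log(text: str) -> list[dict]:
    """Return one hit record per log line that matches a listed IP or URL."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the whole sweep
        _ts, client, dst_ip, url = m.groups()
        reasons = []
        try:
            if str(ipaddress.ip_address(dst_ip)) in IOC_IPS:
                reasons.append("ip")
        except ValueError:
            pass  # destination was a hostname, not an address; URL check still runs
        if normalise_url(url) in IOC_URLS:
            reasons.append("url")
        if reasons:
            hits.append({"line": lineno, "client": client, "dst": dst_ip,
                         "url": url, "reasons": reasons})
    return hits


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def check_hashes(manifest: dict[str, str]) -> list[str]:
    """Return file names whose SHA-256 (compared case-insensitively) is listed."""
    return [name for name, h in manifest.items() if h.strip().lower() in IOC_SHA256]


# Constructed manifest: an upper-cased copy of a listed hash (as some tools emit)
# and a benign file hashed on the fly. No real sample bytes are included.
SAMPLE_MANIFEST = {
    "invoice.xlam": "5944D934A0233B9C30CFA0B20AFE86A09E6AFA67030DAAD7D8C1F0534A9D629E",
    "notes.txt": sha256_hex(b"hello"),
}

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"line {hit['line']}: {hit['client']} -> {hit['url']} [{','.join(hit['reasons'])}]")
    print("hash matches:", check_hashes(SAMPLE_MANIFEST))
```

Matching on destination IP as well as exact URL is deliberate: the report lists two payload files on the same host, and operators typically rotate file names faster than infrastructure, so an IP-only hit for a listed host is worth triage even when the path is new.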
About the author
Julien B.

Securitricks
