PULSE NAME
Malicious Compiled HTML Help File Delivering Agent Tesla
WHITE AlienVault 2022-05-13 Modified: 2022-05-13
15 IOCs, MEDIUM VOLUME
Unit 42 observed malicious compiled HTML help files used for initial delivery. They show how to analyze the malicious compiled HTML help file, then follow the chain of attack through JavaScript and multiple stages of PowerShell, showing how to analyze each stage up to the final payload.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Agent Tesla
Indicators of Compromise (4 / 15 total)
TYPE INDICATOR DESCRIPTION CREATED
FileHash-SHA1 2f69d9c1873e66d93862b8ab1e206a358579f7fd SHA1 of 0fd2e47d373e07488748ac63d9229fdef4fd83d51cf6da79a10628765956de7a 2022-05-13
FileHash-SHA1 7d69e251a3ae370ba996380e6712ca117ea2a1b6 SHA1 of 3446ec621506d87d372c596e1d384d9fd2c1637b3655d7ccadf5d9f64678681e 2022-05-13
FileHash-SHA1 a50c2a927bc2d793bd21e29529a267e4de51f48b SHA1 of 9ba024231d4aed094757324d8c65c35d605a51cdc1e18ae570f1b059085c2454 2022-05-13
FileHash-SHA1 f8dbeaf04a5d6667f79b27b3d3deb63e3c89e706 SHA1 of 081fd54d8d4731bbea9a2588ca53672feef0b835dc9fa9855b020a352819feaa 2022-05-13