PULSE NAME
Malicious Compiled HTML Help File Delivering Agent Tesla
WHITE AlienVault 2022-05-13 Modified: 2022-05-13
15 IOCs
MEDIUM VOLUME
Unit 42 observed malicious compiled HTML help files used for initial delivery. Their report shows how to analyze the malicious compiled HTML help file, then follows the attack chain through JavaScript and multiple stages of PowerShell, showing how to analyze each stage up to the final payload.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
Agent Tesla
Indicators of Compromise (5 / 15 total)