#agenttesla — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #agenttesla, aggregated by home.social.
-
Analyzing a Malicious Compiled HTML Help File Delivering Agent Tesla
Pulse ID: 69eaf82210e0ac6fd2a26c35
Pulse Link: https://otx.alienvault.com/pulse/69eaf82210e0ac6fd2a26c35
Pulse Author: Tr1sa111
Created: 2026-04-24 04:57:06Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#AgentTesla #CyberSecurity #HTML #InfoSec #OTX #OpenThreatExchange #Tesla #bot #Tr1sa111
-
Analyzing a Malicious Compiled HTML Help File Delivering Agent Tesla
This analysis examines an attack chain utilizing malicious compiled HTML help (.chm) files for initial payload delivery. The attack begins with a 7zip compressed file containing a weaponized CHM file that displays a decoy window while executing obfuscated JavaScript code. This JavaScript launches PowerShell commands that verify internet connectivity by pinging Google, then downloads additional PowerShell code disguised as a JPEG file. The second stage decompresses and loads multiple byte arrays in memory, including a loader DLL and compressed Agent Tesla payload. The final Agent Tesla sample executes through process injection into RegAsm.exe and uses FTP protocol to exfiltrate stolen data including keystrokes, screenshots, and camera recordings to attacker-controlled infrastructure at ftp.videoalliance[.]ru.
Pulse ID: 69e991a65ee2b4802a077236
Pulse Link: https://otx.alienvault.com/pulse/69e991a65ee2b4802a077236
Pulse Author: AlienVault
Created: 2026-04-23 03:27:34Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#7Zip #AgentTesla #CyberSecurity #Google #HTML #InfoSec #Java #JavaScript #OTX #OpenThreatExchange #PowerShell #RAT #Tesla #Troll #ZIP #bot #AlienVault
-
Analyzing a Malicious Compiled HTML Help File Delivering Agent Tesla
This analysis examines an attack chain utilizing malicious compiled HTML help (.chm) files for initial payload delivery. The attack begins with a 7zip compressed file containing a weaponized CHM file that displays a decoy window while executing obfuscated JavaScript code. This JavaScript launches PowerShell commands that verify internet connectivity by pinging Google, then downloads additional PowerShell code disguised as a JPEG file. The second stage decompresses and loads multiple byte arrays in memory, including a loader DLL and compressed Agent Tesla payload. The final Agent Tesla sample executes through process injection into RegAsm.exe and uses FTP protocol to exfiltrate stolen data including keystrokes, screenshots, and camera recordings to attacker-controlled infrastructure at ftp.videoalliance[.]ru.
Pulse ID: 69e991a65ee2b4802a077236
Pulse Link: https://otx.alienvault.com/pulse/69e991a65ee2b4802a077236
Pulse Author: AlienVault
Created: 2026-04-23 03:27:34Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#7Zip #AgentTesla #CyberSecurity #Google #HTML #InfoSec #Java #JavaScript #OTX #OpenThreatExchange #PowerShell #RAT #Tesla #Troll #ZIP #bot #AlienVault
-
Analyzing a Malicious Compiled HTML Help File Delivering Agent Tesla
This analysis examines an attack chain utilizing malicious compiled HTML help (.chm) files for initial payload delivery. The attack begins with a 7zip compressed file containing a weaponized CHM file that displays a decoy window while executing obfuscated JavaScript code. This JavaScript launches PowerShell commands that verify internet connectivity by pinging Google, then downloads additional PowerShell code disguised as a JPEG file. The second stage decompresses and loads multiple byte arrays in memory, including a loader DLL and compressed Agent Tesla payload. The final Agent Tesla sample executes through process injection into RegAsm.exe and uses FTP protocol to exfiltrate stolen data including keystrokes, screenshots, and camera recordings to attacker-controlled infrastructure at ftp.videoalliance[.]ru.
Pulse ID: 69e991a65ee2b4802a077236
Pulse Link: https://otx.alienvault.com/pulse/69e991a65ee2b4802a077236
Pulse Author: AlienVault
Created: 2026-04-23 03:27:34Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#7Zip #AgentTesla #CyberSecurity #Google #HTML #InfoSec #Java #JavaScript #OTX #OpenThreatExchange #PowerShell #RAT #Tesla #Troll #ZIP #bot #AlienVault
-
Analyzing a Malicious Compiled HTML Help File Delivering Agent Tesla
This analysis examines an attack chain utilizing malicious compiled HTML help (.chm) files for initial payload delivery. The attack begins with a 7zip compressed file containing a weaponized CHM file that displays a decoy window while executing obfuscated JavaScript code. This JavaScript launches PowerShell commands that verify internet connectivity by pinging Google, then downloads additional PowerShell code disguised as a JPEG file. The second stage decompresses and loads multiple byte arrays in memory, including a loader DLL and compressed Agent Tesla payload. The final Agent Tesla sample executes through process injection into RegAsm.exe and uses FTP protocol to exfiltrate stolen data including keystrokes, screenshots, and camera recordings to attacker-controlled infrastructure at ftp.videoalliance[.]ru.
Pulse ID: 69e991a65ee2b4802a077236
Pulse Link: https://otx.alienvault.com/pulse/69e991a65ee2b4802a077236
Pulse Author: AlienVault
Created: 2026-04-23 03:27:34Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#7Zip #AgentTesla #CyberSecurity #Google #HTML #InfoSec #Java #JavaScript #OTX #OpenThreatExchange #PowerShell #RAT #Tesla #Troll #ZIP #bot #AlienVault
-
Analyzing a Malicious Compiled HTML Help File Delivering Agent Tesla
This analysis examines an attack chain utilizing malicious compiled HTML help (.chm) files for initial payload delivery. The attack begins with a 7zip compressed file containing a weaponized CHM file that displays a decoy window while executing obfuscated JavaScript code. This JavaScript launches PowerShell commands that verify internet connectivity by pinging Google, then downloads additional PowerShell code disguised as a JPEG file. The second stage decompresses and loads multiple byte arrays in memory, including a loader DLL and compressed Agent Tesla payload. The final Agent Tesla sample executes through process injection into RegAsm.exe and uses FTP protocol to exfiltrate stolen data including keystrokes, screenshots, and camera recordings to attacker-controlled infrastructure at ftp.videoalliance[.]ru.
Pulse ID: 69e991a65ee2b4802a077236
Pulse Link: https://otx.alienvault.com/pulse/69e991a65ee2b4802a077236
Pulse Author: AlienVault
Created: 2026-04-23 03:27:34Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#7Zip #AgentTesla #CyberSecurity #Google #HTML #InfoSec #Java #JavaScript #OTX #OpenThreatExchange #PowerShell #RAT #Tesla #Troll #ZIP #bot #AlienVault
-
2026-02-03 (Tuesday): #GuLoader for #AgentTesla style malware with FTP data exfiltration.
A #pcap of the infection traffic, associated files, and a list of indicators are available at https://www.malware-traffic-analysis.net/2026/02/03/index.html
Two online sandboxes tag this sample as AgentTesla, but I'm not sure what the actual name of this malware is.
- https://tria.ge/260203-tvhlyahx7c
- https://app.any.run/tasks/0840196f-2b8f-415c-8ca7-af0c8f394b0d -
Fake Leonardo DiCaprio Movie Torrent Drops Agent Tesla Through Layered PowerShell Chain
#AgentTesla
https://www.bitdefender.com/en-us/blog/labs/fake-leonardo-dicaprio-movie-torrent-agent-tesla-powershell -
📬 „One Battle After Another”: Torrent versteckt Malware in Untertiteln
#Cyberangriffe #ITSicherheit #Warez #AgentTesla #BeniciodelToro #Bitdefender #LeonardoDiCaprio #OneBattleAfterAnother #SeanPenn https://sc.tarnkappe.info/d99b71 -
Cybercriminals are luring torrent users with a fake Leonardo DiCaprio movie, "One Battle After Another," hiding Agent Tesla RAT in subtitle files and disguised payloads. The stealthy chain uses Windows tools for fileless infection, keylogging, and data theft—stay safe! 🚨🎥💻 https://cyberinsider.com/malware-sneaked-via-subtitles-file-of-fake-dicaprio-movie-torrent/ #Cybersecurity #Malware #AgentTesla #Newz
-
„One Battle After Another“-Torrent versteckt Malware in Untertitel‑Dateien
Zu Weihnachten wird viel gestreamt. Doch: Vorsicht bei illegalen Quellen! Gerade frisch auf dem Markt: ein gefälschter Torrent des Leonardo DiCaprio-Films „One Battle After Another“. Gratis mit dabei die SpyWare Agent Tesla.
Mehr: https://maniabel.work/archiv/783
#SpyTool #AgentTesla #windows #PowerShellScript #infosec #infosecnews #BeDiS
-
Torrent for DiCaprio’s “One Battle After Another” Movie Drops Agent Tesla https://hackread.com/dicaprio-one-battle-after-another-torrent-agent-tesla/ #FakeOneBattleAfterAnother #Cybersecurity #bitdefender #CyberAttack #AgentTesla #Security #Malware #Torrent #Movies #Fraud #Scam
-
Campagne #Malware #Italy Week 41
🔥 Persistenti
#Ursnif: #AgenziaEntrate
#DarkGate: Resend link a ZIP
#AgentTesla: Pagamento💣 D'eccezione
#RemcosRat: Pagamento
#Lokibot: Bank
#ScreenConnect: Fattura PDF -
2025-01-09 (Thursday):
#CVE-2017-0199 Excel (#XLS) file --> #HTA --> #VBS --> #steganography --> #DBatLoader or #GuLoader style malware for #AgentTesla. Data exfil over FTP. A #pcap from an infection, the associated malware, and more info available at www.malware-traffic-analysis.net/2025/01/09/index.html
-
Top 3 Malware Families in Q4: How to Keep Your SOC Ready https://hackread.com/top-3-malware-families-in-q4-how-to-keep-your-soc-ready/ #ThreatIntelligence #Cybersecurity #Vulnerability #LummaStealer #AgentTesla #Security #Malware #ANYRUN #XWorm #SOC
-
📬 Malware-Gefahren im Jahr 2023: Qbot unangefochten auf Platz eins
#ITSicherheit #Malware #AgentTesla #CheckPointSoftware #DirectoryTraversal #log4j #NanoCore #Qakbot #RemoteCodeExecution #RemoteAccessTrojaner https://tarnkappe.info/artikel/it-sicherheit/malware/malware-gefahren-im-jahr-2023-qbot-unangefochten-auf-platz-eins-275138.html -
Belarusian Government-Linked Threat Actor ‘UNC1151’ Targets Ukraine’s Ministry of Defense https://thecyberexpress.com/unc1151-targets-ukraine-ministry-of-defense/ #UkrainesMinistryofDefence #TheCyberExpressNews #CybersecurityNews #cybersecuritynews #CRILresearchers #TheCyberExpress #FirewallDaily #cybersecurity #ThreatActors #cobaltstrike #AgentTesla #Phishing #njRAT #CRIL
-
Campagne #Malware #Italy Week 29
☠️💣🔥👻
#AgentTesla: Ordine
#Formbook: Offerta
#GuLoader: Fattura Elettronica
#Remcos: Bank
#Lokibot: Delivery
#SmokeLoader: Pagamenti
#Irata: Malware APK
#RedLine: Offerta
#Neshta: Ordine
#Ousaban: Processo
#SnakeKeylogger: Fattura -
Today in our section on "uncoventional #Malware delivery": #ARJ archives! 📦
ARJ (Archived by Robert Jung) has been around since the MS-DOS days and is occasionally used to deliver e.g. #AgentTesla, #Formbook or #GuloaderYou can recognize ARJ archives by their Magic: 60 EA
Extraction can be handled with 7zip for example.
For more information on the file format check out Ange Albertini's excellent graphic representation: https://twitter.com/angealbertini/status/1619006171360395264As an example we dug up a #Lokibot sample from last year where the delivery chain looked like this: ARJ --> RAR --> EXE
To fool the victims into opening the next file they used the common #doubleExtension tick, e.g. .pdf.exeIoC for those playing along at home:
162.0.223[.]13
kbfvzoboss[.]bid
alphastand[.]trade
alphastand[.]win
alphastand[.]top
➡️/alien/fre.phpPO_Payment for invoice[...].eml.arj
d0c8824d1e19ca1af0b88a477fa4cad6SHIPPING_DL-PL-EXPRESS_EXPORT.PDF.exe
88bdf4f8fe035276da984c370e4cda2c -
2025-02-07 (Friday): Today's boring example of #malpsam pushing #GuLoader for #AgentTesla style malware. EXE of this malware available at https://bazaar.abuse.ch/sample/833aae0bc34e211145371b619b7c542864e9f864e26de1690fd2f6be76fcb174
-
2024-11-25 (Monday): I love it when criminals email malware directly to my inbox. This one is #AgentTesla (or #OriginLogger or whatever it's called now) using FTP for data exfiltration.
It sends harvested login credentials, browser cookies and keylogger data to an FTP server at ftp.ercolina-usa[.]com approx every 10 minutes.
As noted in one of the images, two-letter indicators in the file names indicate the type of exfiltrated data:
PW = login credentials harvested from the infected windows host (passwords)
CO = cookies and other data from web browsers on the infected host
KL = Keylogger data from any collected keystrokes on the infected host.
Attached disk image file: https://bazaar.abuse.ch/sample/7a11d2d4ea5b0bf486c6e6695ff919e58aa54babb77061f4bbfe476ce1ec1738
Extracted AgentTesla EXE: https://bazaar.abuse.ch/sample/2362b4a5329f506af677d1e4cac2b92da252afdf4842bf4e8796b43c4ccb6714
-
Here's some data analysis on the victims of the popular infostealer #AgentTesla aka #OriginLogger🔑⌨️🪵 https://www.bitsight.com/blog/data-insights-agenttesla-and-originlogger-victims
-
CapLoader wasn’t designed as an alternative to a traditional NIDS, but the Alerts tab often gives a VERY good overview of the malicious traffic. Here’s a screenshot of CapLoader’s alerts for some recent PCAP files from malware-traffic-analysis.net.
#Lumma #GootLoader #AgentTesla #RURAT #Remcos #RedLine #BackConnect
-
Watch out as fake torrent for DiCaprio’s “One Battle After Another” is spreading Agent Tesla malware through malicious subtitles and hidden scripts.
Read: https://hackread.com/dicaprio-one-battle-after-another-torrent-agent-tesla/
#Cybersecurity #AgentTesla #Malware #Windows #OneBattleAfterAnother
-
FakeUpdates, Remcos, AgentTesla Top Malware Charts in Stealth Attack Surge – Source:hackread.com https://ciso2ciso.com/fakeupdates-remcos-agenttesla-top-malware-charts-in-stealth-attack-surge-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #cybersecurity #CyberAttack #FakeUpdates #AgentTesla #Hackread #security #malware #Remcos
-
FakeUpdates, Remcos, AgentTesla Top Malware Charts in Stealth Attack Surge https://hackread.com/fakeupdates-remcos-agenttesla-malware-attack-charts/ #Cybersecurity #CyberAttack #FakeUpdates #AgentTesla #Security #Malware #Remcos
-
2025-02-12 (Wed): #VIP_Recovery (an #AgentTesla variant) from Brazil #malspam --> zip attachment --> extracted EXE.
File name: Factura Gastos.exe
Email accounts for data exfiltration: antonipont@grupobdb[.]com --> cludsewe3@gmail[.]com
EXE available at: https://bazaar.abuse.ch/sample/c7620ccaf9c2d47ba08cf85e65e55ea974f8887e18d96574a1aa63f09e836451/
-
2025-01-31 (Friday): Two pcaps with traffic of #AgentTesla-style data exfil.
One #pcap has FTP exfil, while the other pcap is "VIP Recovery" and has SMTP exfil.
Pcaps available at https://www.malware-traffic-analysis.net/2025/01/31/index.html
-
New TorNet Backdoor Exploits TOR Network in Advanced Phishing Attack – Source:hackread.com https://ciso2ciso.com/new-tornet-backdoor-exploits-tor-network-in-advanced-phishing-attack-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #cybersecurity #Vulnerability #PhishingScam #CyberAttack #AgentTesla #backdoor #Hackread #Phishing #security #Germany #malware #Poland #TorNet #Tor
-
New TorNet Backdoor Exploits TOR Network in Advanced Phishing Attack https://hackread.com/tornet-backdoor-exploits-tor-network-phishing-attack/ #Cybersecurity #Vulnerability #PhishingScam #CyberAttack #AgentTesla #Security #backdoor #Phishing #Malware #Germany #Poland #TorNet #Tor
-
2024-12-04 (Wednesday): #AgentTesla variant using FTP for data exfiltration.
Don't know if this is OriginLogger Snake (Key) Logger, VIP Recovery/VIP Key Logger, but it's a variant of AgentTesla.
I've posted a sanitized copy of the email distributing the malware, a #pcap from an infection run, the associated #malware samples, and a list of indicators at https://www.malware-traffic-analysis.net/2024/12/04/index.html
-
2025-01-09 (Thursday):
#CVE-2017-0199 Excel (#XLS) file --> #HTA --> #VBS --> #steganography --> #DBatLoader or #GuLoader style malware for #AgentTesla. Data exfil over FTP. A #pcap from an infection, the associated malware, and more info available at www.malware-traffic-analysis.net/2025/01/09/index.html
-
2025-01-09 (Thursday):
#CVE-2017-0199 Excel (#XLS) file --> #HTA --> #VBS --> #steganography --> #DBatLoader or #GuLoader style malware for #AgentTesla. Data exfil over FTP. A #pcap from an infection, the associated malware, and more info available at www.malware-traffic-analysis.net/2025/01/09/index.html
-
2025-01-09 (Thursday):
#CVE-2017-0199 Excel (#XLS) file --> #HTA --> #VBS --> #steganography --> #DBatLoader or #GuLoader style malware for #AgentTesla. Data exfil over FTP. A #pcap from an infection, the associated malware, and more info available at www.malware-traffic-analysis.net/2025/01/09/index.html
-
2025-01-09 (Thursday):
#CVE-2017-0199 Excel (#XLS) file --> #HTA --> #VBS --> #steganography --> #DBatLoader or #GuLoader style malware for #AgentTesla. Data exfil over FTP. A #pcap from an infection, the associated malware, and more info available at www.malware-traffic-analysis.net/2025/01/09/index.html
-
In November, 2022 the most observed payload distributed through malware sites was #Amadey followed by #AgentTesla 🔥
Having a look at unique malware sites reported to URLhaus, we see #Emotet being at the very top of our ranking ⏫
Read more in our monthly malware digest:
👉 https://t.co/4Yg710BJa2 -
⚠️ New day and new "Invio Ordine Accompagnatorio" spread #AgentTesla in #Italy!
-
📬 Foxit PDF Exploit: Ein unbedachter Klick löst Angriffskette aus
#ITSicherheit #AgentTesla #DoNotTeam #Exploid #FOXITPDF #FoxitReader #pdf https://sc.tarnkappe.info/17d3b6 -
New TorNet Backdoor Exploits TOR Network in Advanced Phishing Attack – Source:hackread.com https://ciso2ciso.com/new-tornet-backdoor-exploits-tor-network-in-advanced-phishing-attack-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #cybersecurity #Vulnerability #PhishingScam #CyberAttack #AgentTesla #backdoor #Hackread #Phishing #security #Germany #malware #Poland #TorNet #Tor
-
New TorNet Backdoor Exploits TOR Network in Advanced Phishing Attack – Source:hackread.com https://ciso2ciso.com/new-tornet-backdoor-exploits-tor-network-in-advanced-phishing-attack-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #cybersecurity #Vulnerability #PhishingScam #CyberAttack #AgentTesla #backdoor #Hackread #Phishing #security #Germany #malware #Poland #TorNet #Tor
-
New TorNet Backdoor Exploits TOR Network in Advanced Phishing Attack – Source:hackread.com https://ciso2ciso.com/new-tornet-backdoor-exploits-tor-network-in-advanced-phishing-attack-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #cybersecurity #Vulnerability #PhishingScam #CyberAttack #AgentTesla #backdoor #Hackread #Phishing #security #Germany #malware #Poland #TorNet #Tor
-
New TorNet Backdoor Exploits TOR Network in Advanced Phishing Attack https://hackread.com/tornet-backdoor-exploits-tor-network-phishing-attack/ #Cybersecurity #Vulnerability #PhishingScam #CyberAttack #AgentTesla #Security #backdoor #Phishing #Malware #Germany #Poland #TorNet #Tor
-
New TorNet Backdoor Exploits TOR Network in Advanced Phishing Attack https://hackread.com/tornet-backdoor-exploits-tor-network-phishing-attack/ #Cybersecurity #Vulnerability #PhishingScam #CyberAttack #AgentTesla #Security #backdoor #Phishing #Malware #Germany #Poland #TorNet #Tor
-
New TorNet Backdoor Exploits TOR Network in Advanced Phishing Attack https://hackread.com/tornet-backdoor-exploits-tor-network-phishing-attack/ #Cybersecurity #Vulnerability #PhishingScam #CyberAttack #AgentTesla #Security #backdoor #Phishing #Malware #Germany #Poland #TorNet #Tor
-
Today in our section on "uncoventional #Malware delivery": #ARJ archives! 📦
ARJ (Archived by Robert Jung) has been around since the MS-DOS days and is occasionally used to deliver e.g. #AgentTesla, #Formbook or #GuloaderYou can recognize ARJ archives by their Magic: 60 EA
Extraction can be handled with 7zip for example.
For more information on the file format check out Ange Albertini's excellent graphic representation: https://twitter.com/angealbertini/status/1619006171360395264As an example we dug up a #Lokibot sample from last year where the delivery chain looked like this: ARJ --> RAR --> EXE
To fool the victims into opening the next file they used the common #doubleExtension tick, e.g. .pdf.exeIoC for those playing along at home:
162.0.223[.]13
kbfvzoboss[.]bid
alphastand[.]trade
alphastand[.]win
alphastand[.]top
➡️/alien/fre.phpPO_Payment for invoice[...].eml.arj
d0c8824d1e19ca1af0b88a477fa4cad6SHIPPING_DL-PL-EXPRESS_EXPORT.PDF.exe
88bdf4f8fe035276da984c370e4cda2c -
Today in our section on "uncoventional #Malware delivery": #ARJ archives! 📦
ARJ (Archived by Robert Jung) has been around since the MS-DOS days and is occasionally used to deliver e.g. #AgentTesla, #Formbook or #GuloaderYou can recognize ARJ archives by their Magic: 60 EA
Extraction can be handled with 7zip for example.
For more information on the file format check out Ange Albertini's excellent graphic representation: https://twitter.com/angealbertini/status/1619006171360395264As an example we dug up a #Lokibot sample from last year where the delivery chain looked like this: ARJ --> RAR --> EXE
To fool the victims into opening the next file they used the common #doubleExtension tick, e.g. .pdf.exeIoC for those playing along at home:
162.0.223[.]13
kbfvzoboss[.]bid
alphastand[.]trade
alphastand[.]win
alphastand[.]top
➡️/alien/fre.phpPO_Payment for invoice[...].eml.arj
d0c8824d1e19ca1af0b88a477fa4cad6SHIPPING_DL-PL-EXPRESS_EXPORT.PDF.exe
88bdf4f8fe035276da984c370e4cda2c -
Today in our section on "uncoventional #Malware delivery": #ARJ archives! 📦
ARJ (Archived by Robert Jung) has been around since the MS-DOS days and is occasionally used to deliver e.g. #AgentTesla, #Formbook or #GuloaderYou can recognize ARJ archives by their Magic: 60 EA
Extraction can be handled with 7zip for example.
For more information on the file format check out Ange Albertini's excellent graphic representation: https://twitter.com/angealbertini/status/1619006171360395264As an example we dug up a #Lokibot sample from last year where the delivery chain looked like this: ARJ --> RAR --> EXE
To fool the victims into opening the next file they used the common #doubleExtension tick, e.g. .pdf.exeIoC for those playing along at home:
162.0.223[.]13
kbfvzoboss[.]bid
alphastand[.]trade
alphastand[.]win
alphastand[.]top
➡️/alien/fre.phpPO_Payment for invoice[...].eml.arj
d0c8824d1e19ca1af0b88a477fa4cad6SHIPPING_DL-PL-EXPRESS_EXPORT.PDF.exe
88bdf4f8fe035276da984c370e4cda2c -
📬 Foxit PDF Exploit: Ein unbedachter Klick löst Angriffskette aus
#ITSicherheit #AgentTesla #DoNotTeam #Exploid #FOXITPDF #FoxitReader #pdf https://sc.tarnkappe.info/17d3b6 -
📬 Foxit PDF Exploit: Ein unbedachter Klick löst Angriffskette aus
#ITSicherheit #AgentTesla #DoNotTeam #Exploid #FOXITPDF #FoxitReader #pdf https://sc.tarnkappe.info/17d3b6 -
📬 Foxit PDF Exploit: Ein unbedachter Klick löst Angriffskette aus
#ITSicherheit #AgentTesla #DoNotTeam #Exploid #FOXITPDF #FoxitReader #pdf https://sc.tarnkappe.info/17d3b6