IOC Radar
TLP:WHITE · 19 IOCs

LATAM Under Siege: Agent Tesla’s 18-Month Credential Theft Campaign Against Chilean Enterprises

ANY.RUN Cybersecurity Blog
Published May 14, 2026
Original Report

Threat Actors

Sandworm

Malware Families

AgentTesla, META Stealer

Diamond Model

Adversary (1): Sandworm
Infrastructure (5): 208.95.112.1, ftp://ftp.horeca-bucu…, email.elrif.com (three of the five shown in the panel; the full set is the five network indicators in the IOC table)
Capability (2): AgentTesla, META Stealer
Victim: unknown


Indicators of Compromise (19)

| Type | Indicator | Tags | Confidence | Score | First Seen |
|---|---|---|---|---|---|
| SHA256 | c61b1941cf756eb7551f7c661743802362728b785adc22e860d269713dfb01a6 | file-hash, intel-blog, malware | Medium | 53 | Jun 2, 26 |
| MD5 | f87d105625dbc96f63d5b4b81dce4c39 | file-hash, intel-blog, malware | Medium | 53 | Jun 2, 26 |
| SHA256 | 43d09743a69c9afa7156bf4e2bf7423b3d5f5ad7d54c4c3fb8a698d526778057 | file-hash, intel-blog, malware | Medium | 53 | Jun 2, 26 |
| IP | 208.95.112.1 | intel-blog, malware, network | High | 58 | Jun 2, 26 |
| SHA1 | b50b3800b17ad7ad5c4483c0b6b24d1d151a9d10 | file-hash, intel-blog, malware | Medium | 53 | Jun 2, 26 |
| MD5 | 78ba57f4a164bedc26204296ea09bb8f | file-hash, intel-blog, malware | Medium | 53 | Jun 2, 26 |
| MD5 | a7eeead9c868d9944ed1c1f113328f32 | file-hash, intel-blog, malware | Medium | 53 | Jun 2, 26 |
| SHA256 | d5b7247c497788cf0031ceb06e3df77a45fef59f1e49633dc7159816d64759b5 | file-hash, intel-blog, malware | Medium | 53 | Jun 2, 26 |
| SHA256 | 948c8c69fe02eda9231aebfa5c626335307058ac74a5c3c40b346179a1bfc982 | file-hash, intel-blog, malware | Medium | 53 | Jun 2, 26 |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 | file-hash, intel-blog, loader | Medium | 53 | Jun 2, 26 |
| SHA256 | 7929355856a2a85d48f95d230cd74fbb5ad554bed49e73b1800136c4bcccd1a8 | file-hash, intel-blog, malware | Medium | 53 | Jun 2, 26 |
| SHA256 | f1c3ebe78bd8c38559bf3cfcc9a9fa37d221e31780774a3787e26160a61f5348 | file-hash, intel-blog, malware | Medium | 53 | Jun 2, 26 |
| URL | ftp://ftp.horeca-bucuresti.ro | intel-blog, malware, network | High | 58 | Jun 2, 26 |
| Domain | email.elrif.com | intel-blog, malware, network | High | 58 | Jun 2, 26 |
| Domain | email.v.todotramitesperu.com.elgartizocon.ro | intel-blog, malware, network | High | 58 | Jun 2, 26 |
| IP | 89.39.83.184 | c2, exfiltration, intel-blog | High | 58 | Jun 2, 26 |
| Email | [email protected] (address obfuscated in the source page) | email, intel-blog, malware | High | 58 | Jun 2, 26 |
| SHA256 | c356aff1a01c2b0da472e584c8e3c8f875b9a24280435d42836a77b19f5a8c18 | file-hash, intel-blog, malware | Medium | 53 | Jun 2, 26 |
| SHA256 | cd83f5ceb2d014badfa991106a9d37a6aeab9043d60d796ad0f16d36cdfa5703 | file-hash, intel-blog, malware | Medium | 53 | Jun 2, 26 |
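The indicators above matched against a handful of log lines, as an added example that is not part of the ANY.RUN report or of this IOC Radar page. The hash, IP, domain and URL values are copied from the table; the tags attached to each hit are the page's own (only 89.39.83.184 is tagged c2/exfiltration, so hits on it are surfaced first). The log formats and every sample line are constructed for the example, and folding the host of the FTP URL into the domain set is this example's choice, not something the page states. Domain matching is done on label boundaries so that a subdomain of an indicator matches while a host that merely starts with the indicator's labels does not.

```python
"""Added example: scan log lines for the IOCs listed on the page. Not ANY.RUN code."""
import re
from urllib.parse import urlsplit

# Indicators copied from the IOC table above. Tags in comments are the page's tags.
FILE_HASHES = {  # SHA256 / SHA1 / MD5, all tagged file-hash, Medium confidence
    "c61b1941cf756eb7551f7c661743802362728b785adc22e860d269713dfb01a6",
    "f87d105625dbc96f63d5b4b81dce4c39",
    "43d09743a69c9afa7156bf4e2bf7423b3d5f5ad7d54c4c3fb8a698d526778057",
    "b50b3800b17ad7ad5c4483c0b6b24d1d151a9d10",
    "78ba57f4a164bedc26204296ea09bb8f",
    "a7eeead9c868d9944ed1c1f113328f32",
    "d5b7247c497788cf0031ceb06e3df77a45fef59f1e49633dc7159816d64759b5",
    "948c8c69fe02eda9231aebfa5c626335307058ac74a5c3c40b346179a1bfc982",
    "96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7",
    "7929355856a2a85d48f95d230cd74fbb5ad554bed49e73b1800136c4bcccd1a8",
    "f1c3ebe78bd8c38559bf3cfcc9a9fa37d221e31780774a3787e26160a61f5348",
    "c356aff1a01c2b0da472e584c8e3c8f875b9a24280435d42836a77b19f5a8c18",
    "cd83f5ceb2d014badfa991106a9d37a6aeab9043d60d796ad0f16d36cdfa5703",
}
IPS = {  # page tags: 208.95.112.1 is network/malware, 89.39.83.184 is c2/exfiltration
    "208.95.112.1": "network",
    "89.39.83.184": "c2/exfiltration",
}
DOMAINS = {"email.elrif.com", "email.v.todotramitesperu.com.elgartizocon.ro"}
URLS = {"ftp://ftp.horeca-bucuresti.ro"}
# Example's choice (not from the page): DNS logs see the FTP host before a proxy
# sees the URL, so the URL host is also matched as a domain indicator.
DOMAINS |= {urlsplit(u).hostname for u in URLS}

HASH_RE = re.compile(r"\b(?:[0-9a-f]{64}|[0-9a-f]{40}|[0-9a-f]{32})\b", re.I)
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
URL_RE = re.compile(r"\b[a-z][a-z0-9+.-]*://\S+", re.I)


def domain_hit(host):
    """Return the indicator that host equals or is a subdomain of, else None.

    Label-boundary matching: 'x.email.elrif.com' hits, but
    'email.elrif.com.cdn.example.net' does not (it only starts with the labels).
    """
    host = host.lower().rstrip(".")
    for ind in DOMAINS:
        if host == ind or host.endswith("." + ind):
            return ind
    return None


def scan_line(line):
    """Return the set of (kind, indicator, tag) hits found in one log line."""
    hits = set()
    for h in HASH_RE.findall(line):
        if h.lower() in FILE_HASHES:  # EDR tools log hashes in mixed case
            hits.add(("hash", h.lower(), "file-hash"))
    for ip in IP_RE.findall(line):
        if ip in IPS:
            hits.add(("ip", ip, IPS[ip]))
    for url in URL_RE.findall(line):
        parts = urlsplit(url)
        origin = f"{parts.scheme.lower()}://{(parts.hostname or '').lower()}"
        if origin in URLS:  # match scheme+host, ignore the path
            hits.add(("url", origin, "network"))
    for host in HOST_RE.findall(line):
        ind = domain_hit(host)
        if ind:
            hits.add(("domain", ind, "network"))
    return hits


def scan(lines):
    """Scan every line; return one dict per hit, in line order."""
    out = []
    for i, line in enumerate(lines):
        for kind, ind, tag in sorted(scan_line(line)):
            out.append({"line": i, "kind": kind, "indicator": ind, "tag": tag})
    return out


def c2_lines(hits):
    """Line numbers carrying a c2/exfiltration hit; triage these before hash-only hits."""
    return sorted({h["line"] for h in hits if h["tag"].startswith("c2")})


# Constructed sample log lines (EDR, DNS, firewall, proxy); not real telemetry.
SAMPLE_LOGS = [
    "2026-05-15T10:01:55Z edr host=WS-21 event=process_create path=C:\\Users\\ana\\AppData\\Roaming\\svc.exe sha256=C61B1941CF756EB7551F7C661743802362728B785ADC22E860D269713DFB01A6",
    "2026-05-15T10:02:11Z dns client=10.0.0.21 q=email.elrif.com type=A",
    "2026-05-15T10:02:13Z fw src=10.0.0.21 dst=89.39.83.184 dport=587 action=allow",
    "2026-05-15T10:03:00Z proxy src=10.0.0.21 url=ftp://ftp.horeca-bucuresti.ro/incoming/WS-21.txt",
    "2026-05-15T10:05:00Z dns client=10.0.0.22 q=mail.google.com type=A",
    "2026-05-15T10:05:30Z dns client=10.0.0.22 q=email.elrif.com.cdn.example.net type=A",
]

if __name__ == "__main__":
    found = scan(SAMPLE_LOGS)
    for h in found:
        print(h)
    print("escalate first:", c2_lines(found))
```

Running the block on the constructed lines yields five hits across the first four lines and none on the last two: the benign DNS query and the look-alike host that only begins with the indicator's labels are both ignored, while the uppercase SHA256 from the EDR line still matches because hashes are normalised before lookup.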

IOC Relationship Graph (19 total IOCs)

Nodes by type: SHA256 9, MD5 3, IP 2, Domain 2, SHA1 1, URL 1, Email 1; Actors 1 (Sandworm); Malware 2 (AgentTesla, META Stealer); Report: LATAM Under Siege: Agent Tesla’s 18-Month Credential Theft Campaign Against Chilean Enterprises