
Threat Group Cards: A Threat Actor Encyclopedia

Tool: Agent Tesla

Names: Agent Tesla, AgentTesla, Origin Logger
Category: Malware
Type: Keylogger, Info stealer
Description: (Fortinet) FortiGuard Labs recently captured some malware which was developed using the Microsoft .Net framework. I analyzed one of them; it's a new variant from the AgentTesla family. In this blog, I'm going to show you how it is able to steal information from a victim's machine.

The malware was spread via a Microsoft Word document that contained an auto-executable malicious VBA Macro.
Information:
<https://www.fortinet.com/blog/threat-research/in-depth-analysis-of-net-malware-javaupdtr.html>
<https://blog.malwarebytes.com/threat-analysis/2020/04/new-agenttesla-variant-steals-wifi-credentials/>
<https://researchcenter.paloaltonetworks.com/2017/09/unit42-analyzing-various-layers-agentteslas-packing/>
<https://malwarebreakdown.com/2018/01/11/malspam-entitled-invoice-attched-for-your-reference-delivers-agent-tesla-keylogger/>
<https://www.zscaler.com/blogs/research/agent-tesla-keylogger-delivered-using-cybersquatting>
<https://www.fortinet.com/blog/threat-research/analysis-of-new-agent-tesla-spyware-variant.html>
<https://thisissecurity.stormshield.com/2018/01/12/agent-tesla-campaign/>
<https://blogs.forcepoint.com/security-labs/part-two-camouflage-netting>
<https://www.deepinstinct.com/2020/07/02/agent-tesla-a-lesson-in-how-complexity-gets-you-under-the-radar/>
<https://labs.sentinelone.com/agent-tesla-old-rat-uses-new-tricks-to-stay-on-top/>
<https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/>
<https://www.deepinstinct.com/2020/10/29/the-hasty-agent-agent-tesla-attack-uses-hastebin/>
<https://cofense.com/strategic-analysis-agent-tesla-expands-targeting-and-networking-capabilities/>
<https://news.sophos.com/en-us/2021/02/02/agent-tesla-amps-up-information-stealing-attacks/>
<https://www.riskiq.com/blog/external-threat-management/agent-tesla-trend-analysis/>
<https://www.fortinet.com/blog/threat-research/phishing-malware-hijacks-bitcoin-addresses-delivers-new-agent-tesla-variant>
MITRE ATT&CK: <https://attack.mitre.org/software/S0331/>
Malpedia: <https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla>
AlienVault OTX: <https://otx.alienvault.com/browse/pulses?q=tag:AgentTesla>

Last change to this tool card: 14 June 2021


All groups using tool Agent Tesla

APT groups

| Changed | Name | Country | Observed |
|---|---|---|---|
| | Aggah | [Unknown] | 2018-May 2020 |
| | Gorgon Group | Pakistan | 2017-Jul 2020 |
| | Operation Epic Manchego | [Unknown] | 2020 |
| | RATicate | [Unknown] | 2019 |
| | Sweed | [Unknown] | 2017-2019 |

5 groups listed (5 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
