Agent Tesla

Malware updated 22 days ago (2024-11-29T14:40:10.729Z)
Download STIX
Preview STIX
Agent Tesla is a well-known malware that primarily targets systems through phishing attacks, exploiting an outdated Microsoft Office vulnerability (CVE-2017-11882). This malicious software is designed to infiltrate computer systems, often without the user's knowledge, and can steal personal information, disrupt operations, or hold data for ransom. Its spread has been facilitated by phishing campaigns that trick users into downloading it, often under the guise of legitimate emails or downloads. The malware was linked to a person known as @Mack_Sant (also identified as @Fucosreal) who was revealed as the originator of the Agent Tesla campaign, according to research conducted by Check Point Research (CPR). The researchers were able to recover data from computers associated with this individual, confirming their involvement in the campaign. Conversations between @Mack_Sant and another individual, Sty1x, further implicated them in testing the capabilities of another malware, Styx Stealer, using the Agent Tesla bot. During their investigation, CPR researchers found a connection between the developers of Styx Stealer and one of the Agent Tesla threat actors. The creator of Styx Stealer had inadvertently revealed his personal details, including Telegram accounts, emails, and contacts, while debugging the stealer on his own computer. This oversight led to the identification of the malware author as an individual operating out of Turkey, demonstrating the occasional operational security lapses even among threat actors. This discovery also provided insight into the broader network of malware operators, revealing competitors such as Redline and Vidar.
Description last updated: 2024-10-08T03:16:09.308Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Payload
Phishing
Vulnerability
Trojan
Spam
Tesla
Exploit
Rat
Remcos
Spyware
Ransomware
Windows
Loader
PowerShell
Infostealer
Fortiguard
Exploits
Shellcode
Email Addres...
Styx
Antivirus
Telegram
Bot
Microsoft
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Formbook Malware is associated with Agent Tesla. Formbook is a type of malware, malicious software designed to exploit and damage computer systems. It infects systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data hostage for ransom. Formbook has been linked with other forms oUnspecified
5
The Xworm Malware is associated with Agent Tesla. XWorm is a sophisticated piece of malware designed to infiltrate and exploit computer systems, often without the user's knowledge. It can be delivered through various means such as suspicious downloads, emails, or websites, and once inside a system, it can steal personal information, disrupt operatiUnspecified
2
The NETWIRE Malware is associated with Agent Tesla. NetWire is a type of malware, specifically a remote access trojan (RAT), that has been utilized for various malicious activities since at least 2014. Initially promoted as a legitimate tool for managing Windows computers remotely, NetWire was quickly adopted by cybercriminals and used in phishing atUnspecified
2
The GuLoader Malware is associated with Agent Tesla. GuLoader is a potent malware that has been causing significant cybersecurity concerns. It operates by infecting systems through suspicious downloads, emails, or websites and then proceeds to exploit the system, often stealing personal information, disrupting operations, or holding data hostage for rUnspecified
2
The Emotet Malware is associated with Agent Tesla. Emotet is a notorious malware, short for malicious software, that is designed to exploit and damage computers or devices. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user, with the potential to steal personal information, disrupt operations, Unspecified
2
The Redline Malware is associated with Agent Tesla. RedLine is a type of malware, or malicious software, designed to exploit and damage computer systems. It infects systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold data hostage forUnspecified
2
Associated Vulnerabilities
To see the evidence that has resulted in these vulnerability associations, create a free account
Alias DescriptionAssociation TypeVotes
The CVE-2017-11882 Vulnerability is associated with Agent Tesla. CVE-2017-11882 is a significant software vulnerability, specifically a flaw in the design or implementation of Microsoft's Equation Editor. This vulnerability has been exploited by various threat actors to create malicious RTF files, most notably by Chinese state-sponsored groups using the "Royal RoUnspecified
5
The vulnerability CVE-2018-0802 is associated with Agent Tesla. Unspecified
2
Source Document References
Information about the Agent Tesla Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
BankInfoSecurity
2 months ago
DARKReading
4 months ago
Checkpoint
4 months ago
Checkpoint
4 months ago
Securityaffairs
4 months ago
Securityaffairs
5 months ago
ESET
5 months ago
Securityaffairs
5 months ago
Securityaffairs
5 months ago
Securityaffairs
5 months ago
Securityaffairs
5 months ago
Securityaffairs
5 months ago
Securityaffairs
6 months ago
Securityaffairs
6 months ago
Securityaffairs
6 months ago
Fortinet
6 months ago
Checkpoint
7 months ago
Securityaffairs
7 months ago
Flashpoint
7 months ago
Fortinet
8 months ago