Agent Tesla

Malware updated a month ago (2024-10-08T04:01:11.123Z)

Download STIX

Preview STIX

Agent Tesla is a well-known malware that primarily targets systems through phishing attacks, exploiting an outdated Microsoft Office vulnerability (CVE-2017-11882). This malicious software is designed to infiltrate computer systems, often without the user's knowledge, and can steal personal information, disrupt operations, or hold data for ransom. Its spread has been facilitated by phishing campaigns that trick users into downloading it, often under the guise of legitimate emails or downloads. The malware was linked to a person known as @Mack_Sant (also identified as @Fucosreal) who was revealed as the originator of the Agent Tesla campaign, according to research conducted by Check Point Research (CPR). The researchers were able to recover data from computers associated with this individual, confirming their involvement in the campaign. Conversations between @Mack_Sant and another individual, Sty1x, further implicated them in testing the capabilities of another malware, Styx Stealer, using the Agent Tesla bot. During their investigation, CPR researchers found a connection between the developers of Styx Stealer and one of the Agent Tesla threat actors. The creator of Styx Stealer had inadvertently revealed his personal details, including Telegram accounts, emails, and contacts, while debugging the stealer on his own computer. This oversight led to the identification of the malware author as an individual operating out of Turkey, demonstrating the occasional operational security lapses even among threat actors. This discovery also provided insight into the broader network of malware operators, revealing competitors such as Redline and Vidar.

Description last updated: 2024-10-08T03:16:09.308Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Malware

Payload

Phishing

Vulnerability

Trojan

Spam

Tesla

Exploit

Rat

Remcos

Spyware

Ransomware

Windows

Loader

PowerShell

Infostealer

Fortiguard

Exploits

Shellcode

Email Addres...

Styx

Antivirus

Bot

Microsoft

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The Formbook Malware is associated with Agent Tesla. Formbook is a type of malware, malicious software designed to exploit and damage computer systems. It infects systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data hostage for ransom. Formbook has been linked with other forms o	Unspecified	5
The Xworm Malware is associated with Agent Tesla. XWorm is a sophisticated piece of malware designed to infiltrate and exploit computer systems, often without the user's knowledge. It can be delivered through various means such as suspicious downloads, emails, or websites, and once inside a system, it can steal personal information, disrupt operati	Unspecified	2
The NETWIRE Malware is associated with Agent Tesla. NetWire is a type of malware, specifically a remote access trojan (RAT), that has been utilized for various malicious activities since at least 2014. Initially promoted as a legitimate tool for managing Windows computers remotely, NetWire was quickly adopted by cybercriminals and used in phishing at	Unspecified	2
The GuLoader Malware is associated with Agent Tesla. GuLoader is a potent malware that has been causing significant cybersecurity concerns. It operates by infecting systems through suspicious downloads, emails, or websites and then proceeds to exploit the system, often stealing personal information, disrupting operations, or holding data hostage for r	Unspecified	2
The Emotet Malware is associated with Agent Tesla. Emotet is a notorious malware, short for malicious software, that is designed to exploit and damage computers or devices. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user, with the potential to steal personal information, disrupt operations,	Unspecified	2
The Redline Malware is associated with Agent Tesla. RedLine is a type of malware, a malicious software designed to exploit and damage computer systems. It often infiltrates systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data for ransom. RedLine has been favored by threat actor	Unspecified	2

Associated Vulnerabilities

To see the evidence that has resulted in these vulnerability associations, create a free account

Alias Description	Association Type	Votes
The CVE-2017-11882 Vulnerability is associated with Agent Tesla. CVE-2017-11882 is a significant software vulnerability, specifically a flaw in the design or implementation of Microsoft's Equation Editor. This vulnerability has been exploited by various threat actors to create malicious RTF files, most notably by Chinese state-sponsored groups using the "Royal Ro	Unspecified	5
The vulnerability CVE-2018-0802 is associated with Agent Tesla.	Unspecified	2

Source Document References

Information about the Agent Tesla Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
BankInfoSecurity	a month ago	Ukrainian Pleads Guilty for Role in Raccoon Stealer Malware
DARKReading	3 months ago	'Styx Stealer' Blows Its Own Cover With Sloppy OpSec Mistake
Checkpoint	3 months ago	19th August – Threat Intelligence Report - Check Point Research
Checkpoint	3 months ago	Unmasking Styx Stealer: How a Hacker's Slip Led to an Intelligence Treasure Trove - Check Point Research
Securityaffairs	3 months ago	SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6
Securityaffairs	4 months ago	security-affairs-malware-newsletter-round-5
ESET	4 months ago	Phishing targeting Polish SMBs continues via ModiLoader
Securityaffairs	4 months ago	Phishing campaigns target SMBs in Poland
Securityaffairs	4 months ago	Security Affairs Malware Newsletter - Round 3
Securityaffairs	4 months ago	Security Affairs Malware Newsletter - Round 3
Securityaffairs	4 months ago	Security Affairs Malware Newsletter - Round 2
Securityaffairs	4 months ago	Security Affairs Malware Newsletter - Round 1
Securityaffairs	5 months ago	Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	5 months ago	Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	5 months ago	Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION
Fortinet	5 months ago	New Agent Tesla Campaign Targeting Spanish-Speaking People \| Fortinet Blog
Checkpoint	6 months ago	Static Unpacking for the Widespread NSIS-based Malicious Packer Family - Check Point Research
Securityaffairs	6 months ago	Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
Flashpoint	6 months ago	Evolving Tactics: How Russian APT Groups Are Shaping Cyber Threats in 2024
Fortinet	6 months ago	Key Findings from the 2H 2023 FortiGuard Labs Threat Report \| FortiGuard Labs