ETDA (Electronic Transactions Development Agency)

Threat Group Cards: A Threat Actor Encyclopedia

Tool: Agent Tesla

Names: Agent Tesla, AgentTesla, AgenTesla, Origin Logger, Negasteal, ZPAQ
Category: Malware
Type: Keylogger, Info stealer
Description: (Fortinet) FortiGuard Labs recently captured some malware which was developed using the Microsoft .Net framework. I analyzed one of them; it's a new variant from the AgentTesla family. In this blog, I’m going to show you how it is able to steal information from a victim’s machine.

The malware was spread via a Microsoft Word document that contained an auto-executable malicious VBA Macro.
Information:
<https://www.fortinet.com/blog/threat-research/in-depth-analysis-of-net-malware-javaupdtr.html>
<https://blog.malwarebytes.com/threat-analysis/2020/04/new-agenttesla-variant-steals-wifi-credentials/>
<https://researchcenter.paloaltonetworks.com/2017/09/unit42-analyzing-various-layers-agentteslas-packing/>
<https://malwarebreakdown.com/2018/01/11/malspam-entitled-invoice-attched-for-your-reference-delivers-agent-tesla-keylogger/>
<https://www.zscaler.com/blogs/research/agent-tesla-keylogger-delivered-using-cybersquatting>
<https://www.fortinet.com/blog/threat-research/analysis-of-new-agent-tesla-spyware-variant.html>
<https://thisissecurity.stormshield.com/2018/01/12/agent-tesla-campaign/>
<https://blogs.forcepoint.com/security-labs/part-two-camouflage-netting>
<https://www.deepinstinct.com/2020/07/02/agent-tesla-a-lesson-in-how-complexity-gets-you-under-the-radar/>
<https://labs.sentinelone.com/agent-tesla-old-rat-uses-new-tricks-to-stay-on-top/>
<https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/>
<https://www.deepinstinct.com/2020/10/29/the-hasty-agent-agent-tesla-attack-uses-hastebin/>
<https://cofense.com/strategic-analysis-agent-tesla-expands-targeting-and-networking-capabilities/>
<https://news.sophos.com/en-us/2021/02/02/agent-tesla-amps-up-information-stealing-attacks/>
<https://www.riskiq.com/blog/external-threat-management/agent-tesla-trend-analysis/>
<https://www.fortinet.com/blog/threat-research/phishing-malware-hijacks-bitcoin-addresses-delivers-new-agent-tesla-variant>
<https://securityaffairs.co/wordpress/123039/malware/agent-tesla-c2c-dumped.html>
<https://www.fortinet.com/blog/threat-research/fake-purchase-order-used-to-deliver-agent-tesla>
<https://unit42.paloaltonetworks.com/excel-add-ins-malicious-xll-files-agent-tesla/>
<https://unit42.paloaltonetworks.com/malicious-compiled-html-help-file-agent-tesla/>
<https://cofense.com/blog/the-rise-of-agent-tesla-understanding-the-notorious-keylogger/>
<https://www.fortinet.com/blog/threat-research/agent-tesla-variant-spread-by-crafted-excel-document>
<https://www.mcafee.com/blogs/other-blogs/mcafee-labs/agent-teslas-unique-approach-vbs-and-steganography-for-delivery-and-intrusion/>
<https://asec.ahnlab.com/en/57546/>
<https://www.gdatasoftware.com/blog/2023/11/37822-agent-tesla-zpaq>
<https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry>
MITRE ATT&CK: <https://attack.mitre.org/software/S0331/>
Malpedia: <https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla>
AlienVault OTX: <https://otx.alienvault.com/browse/pulses?q=tag:AgentTesla>
Playbook: <https://pan-unit42.github.io/playbook_viewer/?pb=agent-tesla>

Last change to this tool card: 07 March 2024


All groups using tool Agent Tesla

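APT groups

| Changed | Name | Country | Observed | |
|---|---|---|---|---|
| | Aggah | [Unknown] | 2018-Jun 2022 | |
| | Gorgon Group | Pakistan | 2017-Jul 2020 | |
| | OPERA1ER | [Unknown] | 2016-Jul 2023 | X |
| | Operation Epic Manchego | [Unknown] | 2020 | |
| | RATicate | [Unknown] | 2019 | |
| | Sweed | [Unknown] | 2017-2019 | |
| | TA2541 | [Unknown] | 2017 | |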

7 groups listed (7 APT, 0 other, 0 unknown)
