Updated on 2022-12-23
Threat actors used Christmas-themed lures to distribute malware and exfiltrate information from victims’ machines. In one campaign, the victims were tricked into downloading the AgentTesla trojan. Read more: Trying to Steal Christmas (Again!)
Updated on 2022-12-16
New research by Check Point revealed that, in November, AgentTesla impacted 6% of enterprises across the world, followed by Emotet and QBot at 4%. Read more: November 2022’s Most Wanted Malware: A Month of Comebacks for Trojans as Emotet and Qbot Make an Impact
Updated on 2022-11-20
The Splunk team has published a report on the Agent Tesla remote access trojan, covering its technical internals and modus operandi. OALABS has also published IOCs and detection advice for it. Read more: Inside the Mind of a ‘Rat’ – Agent Tesla Detection and Analysis
Updated on 2022-10-14
Agent Tesla via WSHRAT
Similarly, Uptycs also published a report on an email malspam campaign where a threat actor deployed the Agent Tesla infostealer via the WSHRAT remote access trojan.
Updated on 2022-10-06
Security researchers recently discovered a malware builder being sold on the dark web known as “Quantum Builder.” Attackers are using the new builder to deliver an updated version of the Agent Tesla trojan, which is known for stealing and spying on user interactions and keystrokes. Quantum Builder can create malicious shortcut files, and has previously been linked to the Lazarus Group APT. The attackers in this campaign send a spearphishing email to targets that contains a malicious GZIP attachment that holds a malicious shortcut to execute PowerShell code. Read more:
Overview: Agent Tesla campaign
Zscaler has a report out on a new malspam campaign delivering versions of the Agent Tesla keylogger and infostealer. Read more: Agent Tesla RAT Delivered by Quantum Builder With New TTPs