| SYMBOL | COMMON_NAME | aka. SYNONYMS |
Actor(s): SWEED
URLhausA .NET based keylogger and RAT readily available to actors. Logs keystrokes and the host's clipboard and beacons this information back to the C2.
| 2022-05-19 ⋅ Blackberry ⋅ .NET Stubs: Sowing the Seeds of Discord (PureCrypter) Aberebot AbstractEmu AdoBot 404 Keylogger Agent Tesla Amadey AsyncRAT Ave Maria BitRAT BluStealer Formbook LimeRAT Loki Password Stealer (PWS) Nanocore RAT Orcus RAT Quasar RAT Raccoon RedLine Stealer WhisperGate |
| 2022-05-19 ⋅ Blackberry ⋅ .NET Stubs: Sowing the Seeds of Discord Agent Tesla Quasar RAT WhisperGate |
| 2022-05-12 ⋅ Palo Alto Networks Unit 42 ⋅ Harmful Help: Analyzing a Malicious Compiled HTML Help File Delivering Agent Tesla Agent Tesla |
| 2022-05-05 ⋅ Malwarebytes Labs ⋅ Nigerian Tesla: 419 scammer gone malware distributor unmasked Agent Tesla |
| 2022-04-12 ⋅ Check Point ⋅ March 2022’s Most Wanted Malware: Easter Phishing Scams Help Emotet Assert its Dominance Alien FluBot Agent Tesla Emotet |
| 2022-03-31 ⋅ APNIC ⋅ How to: Detect and prevent common data exfiltration attacks Agent Tesla DNSMessenger PingBack Rising Sun |
| 2022-03-26 ⋅ forensicitguy ⋅ An AgentTesla Sample Using VBA Macros and Certutil Agent Tesla |
| 2022-03-25 ⋅ GOV.UA ⋅ Who is behind the Cyberattacks on Ukraine's Critical Information Infrastructure: Statistics for March 15-22 Xloader Agent Tesla CaddyWiper Cobalt Strike DoubleZero GraphSteel GrimPlant HeaderTip HermeticWiper IsaacWiper MicroBackdoor Pandora |
| 2022-03-07 ⋅ Fortinet ⋅ Fake Purchase Order Used to Deliver Agent Tesla Agent Tesla |
| 2022-03-07 ⋅ LAC WATCH ⋅ I CAN'T HEAR YOU NOW! INTERNAL BEHAVIOR OF INFORMATION-STEALING MALWARE AND JSOC DETECTION TRENDS Xloader Agent Tesla Formbook Loki Password Stealer (PWS) |
| 2022-03-04 ⋅ Bitdefender ⋅ Bitdefender Labs Sees Increased Malicious and Scam Activity Exploiting the War in Ukraine Agent Tesla Remcos |
| 2022-03-04 ⋅ Bleeping Computer ⋅ Russia-Ukraine war exploited as lure for malware distribution Agent Tesla Remcos |
| 2022-02-23 ⋅ Weixin ⋅ APT-C-58 (Gorgon Group) attack warning Agent Tesla |
| 2022-02-06 ⋅ forensicitguy ⋅ AgentTesla From RTF Exploitation to .NET Tradecraft Agent Tesla |
| 2022-02-02 ⋅ Qualys ⋅ Catching the RAT called Agent Tesla Agent Tesla |
| 2022-01-25 ⋅ Palo Alto Networks Unit 42 ⋅ Weaponization of Excel Add-Ins Part 1: Malicious XLL Files and Agent Tesla Case Studies Agent Tesla |
| 2022-01-24 ⋅ Proofpoint ⋅ DTPacker – a .NET Packer with a Curious Password Agent Tesla |
| 2022-01-24 ⋅ Netskope ⋅ Infected PowerPoint Files Using Cloud Services to Deliver Multiple Malware Agent Tesla |
| 2022-01-21 ⋅ MalGamy ⋅ Deep Analysis Agent Tesla Malware Agent Tesla |
| 2022-01-12 ⋅ Deep analysis agent tesla malware Agent Tesla |
| 2022-01-12 ⋅ 2021 Gorgon Group APT Operation Agent Tesla |
| 2022-01-03 ⋅ forensicitguy ⋅ A Tale of Two Dropper Scripts for Agent Tesla Agent Tesla |
| 2021-12-31 ⋅ InfoSec Handlers Diary Blog ⋅ Do you want your Agent Tesla in the 300 MB or 8 kB package? Agent Tesla |
| 2021-12-30 ⋅ InfoSec Handlers Diary Blog ⋅ Agent Tesla Updates SMTP Data Exfiltration Technique Agent Tesla |
| 2021-12-20 ⋅ InfoSec Handlers Diary Blog ⋅ PowerPoint attachments, Agent Tesla and code reuse in malware Agent Tesla |
| 2021-12-17 ⋅ Yoroi ⋅ Serverless InfoStealer delivered in Est European Countries Agent Tesla |
| 2021-12-08 ⋅ YouTube ( DuMp-GuY TrIcKsTeR) ⋅ Full malware analysis Work-Flow of AgentTesla Malware Agent Tesla |
| 2021-12-06 ⋅ MalwareBookReports ⋅ AGENT TESLAGGAH Agent Tesla |
| 2021-12-02 ⋅ AhnLab ⋅ Spreading AgentTesla through more sophisticated malicious PPT Agent Tesla |
| 2021-11-22 ⋅ YouTube ( DuMp-GuY TrIcKsTeR) ⋅ Powershell and DnSpy tricks in .NET reversing – AgentTesla [Part1] Agent Tesla |
| 2021-11-22 ⋅ YouTube ( DuMp-GuY TrIcKsTeR) ⋅ Powershell and DnSpy tricks in .NET reversing – AgentTesla [Part2] Agent Tesla |
| 2021-11-16 ⋅ Yoroi ⋅ Office Documents: May the XLL technique change the threat Landscape in 2022? Agent Tesla Dridex Formbook |
| 2021-11-12 ⋅ Living Code ⋅ AgentTesla dropped via NSIS installer Agent Tesla |
| 2021-11-02 ⋅ InQuest ⋅ Adults Only Malware Lures Agent Tesla |
| 2021-10-06 ⋅ zimperium ⋅ Malware Distribution with Mana Tools Agent Tesla Azorult |
| 2021-09-15 ⋅ Telsy ⋅ REMCOS and Agent Tesla loaded into memory with Rezer0 loader Agent Tesla Remcos |
| 2021-09-08 ⋅ Juniper ⋅ Aggah Malware Campaign Expands to Zendesk and GitHub to Host Its Malware Agent Tesla |
| 2021-07-28 ⋅ RiskIQ ⋅ Use of XAMPP Web Component to Identify Agent Tesla Infrastructure Agent Tesla |
| 2021-07-24 ⋅ InfoSec Handlers Diary Blog ⋅ Agent.Tesla Dropped via a .daa Image and Talking to Telegram Agent Tesla |
| 2021-07-12 ⋅ IBM ⋅ RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation 404 Keylogger Agent Tesla AsyncRAT Ave Maria Azorult BitRAT Formbook HawkEye Keylogger Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Quasar RAT RedLine Stealer Remcos |
| 2021-07-12 ⋅ Cipher Tech Solutions ⋅ RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation 404 Keylogger Agent Tesla AsyncRAT Ave Maria Azorult BitRAT Formbook HawkEye Keylogger Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Quasar RAT RedLine Stealer Remcos |
| 2021-06-29 ⋅ Yoroi ⋅ The "WayBack” Campaign: a Large Scale Operation Hiding in Plain Sight Agent Tesla Cobian RAT Oski Stealer |
| 2021-06-24 ⋅ Blackberry ⋅ Threat Thursday: Agent Tesla Infostealer Agent Tesla |
| 2021-06-24 ⋅ Trustwave ⋅ Yet Another Archive Format Smuggling Malware Agent Tesla |
| 2021-06-11 ⋅ NSFOCUS ⋅ Nigerian Hacker Organization SWEED is Distributing Phishing Documents Targeting the Logistics Industry Agent Tesla |
| 2021-06-04 ⋅ Fortinet ⋅ Phishing Malware Hijacks Bitcoin Addresses and Delivers New Agent Tesla Variant Agent Tesla |
| 2021-06-02 ⋅ Sophos ⋅ AMSI bypasses remain tricks of the malware trade Agent Tesla Cobalt Strike Meterpreter |
| 2021-05-18 ⋅ Youtube (AhmedS Kasmani) ⋅ Malware Analysis: Agent Tesla Part 1/2 Extraction of final payload from dropper. Agent Tesla |
| 2021-05-11 ⋅ Twitter (@MsftSecIntel) ⋅ Tweet on Snip3 crypter delivering AsyncRAT or AgentTesla Agent Tesla AsyncRAT |
| 2021-05-11 ⋅ VMRay ⋅ Threat Bulletin: Exploring the Differences and Similarities of Agent Tesla v2 & v3 Agent Tesla |
| 2021-05-07 ⋅ Morphisec ⋅ Revealing the ‘Snip3’ Crypter, a Highly Evasive RAT Loader Agent Tesla AsyncRAT NetWire RC Revenge RAT |
| 2021-05-05 ⋅ Zscaler ⋅ Catching RATs Over Custom Protocols Analysis of top non-HTTP/S threats Agent Tesla AsyncRAT Crimson RAT CyberGate Ghost RAT Nanocore RAT NetWire RC NjRAT Quasar RAT Remcos |
| 2021-04-21 ⋅ SophosLabs Uncut ⋅ Nearly half of malware now use TLS to conceal communications Agent Tesla Cobalt Strike Dridex SystemBC |
| 2021-04-04 ⋅ menshaway blogspot ⋅ Technical report of AgentTesla Agent Tesla |
| 2021-03-17 ⋅ HP ⋅ Threat Insights Report Q4-2020 Agent Tesla BitRAT ComodoSec Dridex Emotet Ficker Stealer Formbook Zloader |
| 2021-02-28 ⋅ PWC UK ⋅ Cyber Threats 2020: A Year in Retrospect elf.wellmess FlowerPower PowGoop 8.t Dropper Agent.BTZ Agent Tesla Appleseed Ave Maria Bankshot BazarBackdoor BLINDINGCAN Chinoxy Conti Cotx RAT Crimson RAT DUSTMAN Emotet FriedEx FunnyDream Hakbit Mailto Maze METALJACK Nefilim Oblique RAT Pay2Key PlugX QakBot REvil Ryuk StoneDrill StrongPity SUNBURST SUPERNOVA TrickBot TurlaRPC Turla SilentMoon WastedLocker WellMess Winnti ZeroCleare |
| 2021-02-25 ⋅ Minerva ⋅ Preventing AgentTelsa Infiltration Agent Tesla |
| 2021-02-12 ⋅ Trustwave ⋅ The Many Roads Leading To Agent Tesla Agent Tesla |
| 2021-02-12 ⋅ InfoSec Handlers Diary Blog ⋅ AgentTesla Dropped Through Automatic Click in Microsoft Help File Agent Tesla |
| 2021-02-11 ⋅ InfoSec Handlers Diary Blog ⋅ Agent Tesla hidden in a historical anti-malware tool Agent Tesla |
| 2021-01-21 ⋅ DENEXUS ⋅ Spear Phishing Targeting ICS Supply Chain - Analysis Agent Tesla |
| 2021-01-11 ⋅ ESET Research ⋅ Operation Spalax: Targeted malware attacks in Colombia Agent Tesla AsyncRAT NjRAT Remcos |
| 2021-01-09 ⋅ Marco Ramilli's Blog ⋅ Command and Control Traffic Patterns ostap LaZagne Agent Tesla Azorult Buer Cobalt Strike DanaBot DarkComet Dridex Emotet Formbook IcedID ISFB NetWire RC PlugX Quasar RAT SmokeLoader TrickBot |
| 2021 ⋅ Secureworks ⋅ Threat Profile: GOLD GALLEON Agent Tesla HawkEye Keylogger Pony GOLD GALLEON |
| 2020-12-21 ⋅ Cisco Talos ⋅ 2020: The year in malware WolfRAT Prometei Poet RAT Agent Tesla Astaroth Ave Maria CRAT Emotet Gozi IndigoDrop JhoneRAT Nanocore RAT NjRAT Oblique RAT SmokeLoader StrongPity WastedLocker Zloader |
| 2020-12-18 ⋅ Trend Micro ⋅ Negasteal Uses Hastebin for Fileless Delivery of Crysis Ransomware Agent Tesla Dharma |
| 2020-12-15 ⋅ Cofense ⋅ Strategic Analysis: Agent Tesla Expands Targeting and Networking Capabilities Agent Tesla |
| 2020-12-10 ⋅ US-CERT ⋅ Alert (AA20-345A): Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data PerlBot Shlayer Agent Tesla Cerber Dridex Ghost RAT Kovter Maze MedusaLocker Nanocore RAT Nefilim REvil Ryuk Zeus |
| 2020-12-07 ⋅ Proofpoint ⋅ Commodity .NET Packers use Embedded Images to Hide Payloads Agent Tesla Loki Password Stealer (PWS) Remcos |
| 2020-12-04 ⋅ Inde ⋅ Inside a .NET Stealer: AgentTesla Agent Tesla |
| 2020-12-03 ⋅ Telsy ⋅ When a false flagdoesn’t work: Exploring the digital-crimeunderground at campaign preparation stage Agent Tesla |
| 2020-11-27 ⋅ HP ⋅ Aggah Campaign’s Latest Tactics: Victimology, PowerPoint Dropper and Cryptocurrency Stealer Agent Tesla |
| 2020-11-18 ⋅ G Data ⋅ Business as usual: Criminal Activities in Times of a Global Pandemic Agent Tesla Nanocore RAT NetWire RC Remcos |
| 2020-11-18 ⋅ Sophos ⋅ SOPHOS 2021 THREAT REPORT Navigating cybersecurity in an uncertain world Agent Tesla Dridex TrickBot Zloader |
| 2020-11-05 ⋅ Morphisec ⋅ Agent Tesla: A Day in a Life of IR Agent Tesla |
| 2020-10-16 ⋅ Hornetsecurity ⋅ VBA Purging Malspam Campaigns Agent Tesla Formbook |
| 2020-10-05 ⋅ Juniper ⋅ New pastebin-like service used in multiple malware campaigns Agent Tesla LimeRAT RedLine Stealer |
| 2020-09-03 ⋅ Medium mariohenkel ⋅ Decrypting AgentTesla strings and config Agent Tesla |
| 2020-08-27 ⋅ MalWatch ⋅ Win.Trojan.AgentTesla - Malware analysis & threat intelligence report Agent Tesla |
| 2020-08-26 ⋅ Lab52 ⋅ A twisted malware infection chain Agent Tesla Loki Password Stealer (PWS) |
| 2020-08-10 ⋅ Seqrite ⋅ Gorgon APT targeting MSME sector in India Agent Tesla |
| 2020-08-10 ⋅ SentinelOne ⋅ Agent Tesla | Old RAT Uses New Tricks to Stay on Top Agent Tesla |
| 2020-07-30 ⋅ Spamhaus ⋅ Spamhaus Botnet Threat Update Q2 2020 AdWind Agent Tesla Arkei Stealer AsyncRAT Ave Maria Azorult DanaBot Emotet IcedID ISFB KPOT Stealer Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Pony Raccoon RedLine Stealer Remcos Zloader |
| 2020-06-02 ⋅ Lastline Labs ⋅ Evolution of Excel 4.0 Macro Weaponization Agent Tesla DanaBot ISFB TrickBot Zloader |
| 2020-05-23 ⋅ InfoSec Handlers Diary Blog ⋅ AgentTesla Delivered via a Malicious PowerPoint Add-In Agent Tesla |
| 2020-05-22 ⋅ Yoroi ⋅ Cyber-Criminal espionage Operation insists on Italian Manufacturing Agent Tesla |
| 2020-05-14 ⋅ SophosLabs ⋅ RATicate: an attacker’s waves of information-stealing malware Agent Tesla BetaBot BlackRemote Formbook Loki Password Stealer (PWS) NetWire RC NjRAT Remcos |
| 2020-04-16 ⋅ Malwarebytes ⋅ New AgentTesla variant steals WiFi credentials Agent Tesla |
| 2020-04-15 ⋅ How Analysing an AgentTesla Could Lead To Attackers Inbox - Part II Agent Tesla |
| 2020-04-14 ⋅ Palo Alto Networks Unit 42 ⋅ Malicious Attackers Target Government and Medical Organizations With COVID-19 Themed Phishing Campaigns Agent Tesla EDA2 |
| 2020-04-13 ⋅ How Analysing an AgentTesla Could Lead To Attackers Inbox - Part I Agent Tesla |
| 2020-04-05 ⋅ MalwrAnalysis ⋅ Trojan Agent Tesla – Malware Analysis Agent Tesla |
| 2020-03-24 ⋅ RiskIQ ⋅ Exploring Agent Tesla Infrastructure Agent Tesla |
| 2020-03-18 ⋅ Proofpoint ⋅ Coronavirus Threat Landscape Update Agent Tesla Get2 ISFB Remcos |
| 2020-02-26 ⋅ MalwareLab.pl ⋅ (Ab)using bash-fu to analyze recent Aggah sample Agent Tesla |
| 2020-02-02 ⋅ Sophos Labs ⋅ Agent Tesla amps up information stealing attacks Agent Tesla |
| 2020 ⋅ Secureworks ⋅ GOLD GALLEON Agent Tesla HawkEye Keylogger Pony Predator The Thief |
| 2019-09-26 ⋅ Proofpoint ⋅ New WhiteShadow downloader uses Microsoft SQL to retrieve malware WhiteShadow Agent Tesla Azorult Crimson RAT Formbook Nanocore RAT NetWire RC NjRAT Remcos |
| 2019-07-15 ⋅ Cisco Talos ⋅ SWEED: Exposing years of Agent Tesla campaigns Agent Tesla Formbook Loki Password Stealer (PWS) SWEED |
| 2018-04-18 ⋅ Secureworks ⋅ GOLD GALLEON: How a Nigerian Cyber Crew Plunders the Shipping Industry Agent Tesla HawkEye Keylogger Pony GOLD GALLEON |
| 2018-04-05 ⋅ Fortinet ⋅ Analysis of New Agent Tesla Spyware Variant Agent Tesla |
| 2018-01-12 ⋅ Stormshield ⋅ Analyzing an Agent Tesla campaign: from a word document to the attacker credentials Agent Tesla |
| 2017-09-25 ⋅ Palo Alto Networks Unit 42 ⋅ Analyzing the Various Layers of AgentTesla’s Packing Agent Tesla |
| 2017-06-28 ⋅ Fortinet ⋅ In-Depth Analysis of A New Variant of .NET Malware AgentTesla Agent Tesla |
| 2016-08 ⋅ Zscaler ⋅ Agent Tesla Keylogger delivered using cybersquatting Agent Tesla |