2023-05-07 | Twitter (@embee_research) | Matthew
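% Agent Tesla loader analysis (API-hash resolution); keywords mirror the family tag listed for this reference.
% The underscore in the organization is escaped so the field typesets outside math mode.
@online{matthew:20230507:agenttesla:65bf8af,
  author       = {Matthew},
  title        = {{AgentTesla} - Full Loader Analysis - Resolving {API} Hashes Using Conditional Breakpoints},
  date         = {2023-05-07},
  organization = {Twitter (@embee\_research)},
  url          = {https://embee-research.ghost.io/agenttesla-full-analysis-api-hashing/},
  language     = {English},
  urldate      = {2023-05-08},
  keywords     = {Agent Tesla},
}
AgentTesla - Full Loader Analysis - Resolving API Hashes Using Conditional Breakpoints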
Agent Tesla
2023-04-07 | Elastic | Salim Bitam
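% Attack-chain write-up covering XWorm and Agent Tesla; keywords mirror the family tags listed for this reference.
@online{bitam:20230407:attack:aed6a32,
  author       = {Bitam, Salim},
  title        = {Attack chain leads to {XWORM} and {AGENTTESLA}},
  date         = {2023-04-07},
  organization = {Elastic},
  url          = {https://www.elastic.co/security-labs/attack-chain-leads-to-xworm-and-agenttesla},
  language     = {English},
  urldate      = {2023-05-08},
  keywords     = {Agent Tesla, XWorm},
}
Attack chain leads to XWORM and AGENTTESLA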
Agent Tesla XWorm
2023-03-23 | Logpoint | Anish Bogati
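% Agent Tesla capability review with detection strategies; keywords mirror the family tag listed for this reference.
@online{bogati:20230323:emerging:3b75884,
  author       = {Bogati, Anish},
  title        = {Emerging Threats: {AgentTesla} – A Review and Detection Strategies},
  date         = {2023-03-23},
  organization = {Logpoint},
  url          = {https://www.logpoint.com/en/blog/agentteslas-capabilities-review-detection-strategies/},
  language     = {English},
  urldate      = {2023-04-12},
  keywords     = {Agent Tesla},
}
Emerging Threats: AgentTesla – A Review and Detection Strategies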
Agent Tesla
2023-02-08 | NTT Security | Ryu Hiyoshi
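% SteelClover malware distribution via Google Ads; keywords mirror the family tags listed for this reference.
@online{hiyoshi:20230208:steelclover:0f3b85a,
  author       = {Hiyoshi, Ryu},
  title        = {{SteelClover} Attacks Distributing Malware Via {Google} Ads Increased},
  date         = {2023-02-08},
  organization = {NTT Security},
  url          = {https://insight-jp.nttsecurity.com/post/102i7af/steelclovergoogle},
  language     = {English},
  urldate      = {2023-02-13},
  keywords     = {BATLOADER, ISFB, RedLine Stealer},
}
SteelClover Attacks Distributing Malware Via Google Ads Increased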
BATLOADER ISFB RedLine Stealer
2022-09-29 | NTT | NTT Security Holdings Corporation
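% Report on BlackTech APT activity; keywords mirror the family tags listed for this reference.
% The corporate author is double-braced so it is not split into given and family names.
% The citation key is kept as published so existing citations still resolve.
@techreport{corporation:20220929:report:1615dab,
  author      = {{NTT Security Holdings Corporation}},
  title       = {Report on {APT} Attacks by {BlackTech}},
  date        = {2022-09-29},
  institution = {NTT},
  url         = {https://jp.security.ntt/resources/EN-BlackTech_2021.pdf},
  language    = {English},
  urldate     = {2022-09-30},
  keywords    = {Bifrost, PLEAD, TSCookie, Flagpro, Gh0stTimes, SelfMake Loader, SPIDERPIG RAT},
}
Report on APT Attacks by BlackTech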
Bifrost PLEAD TSCookie Flagpro Gh0stTimes SelfMake Loader SPIDERPIG RAT
2022-07-20 | Cert-UA | Cert-UA
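% CERT-UA advisory on an Agent Tesla campaign against Ukrainian state organizations; keywords mirror the listed family tag.
% The hash sign in the advisory number is escaped because a bare one is a macro-parameter character in LaTeX.
@online{certua:20220720:cyberattack:3450ba8,
  author       = {{Cert-UA}},
  title        = {Cyberattack on State Organizations of {Ukraine} using the topic {OK} ``South'' and the malicious program {AgentTesla} ({CERT-UA}\#4987)},
  date         = {2022-07-20},
  organization = {Cert-UA},
  url          = {https://cert.gov.ua/article/861292},
  language     = {Ukrainian},
  urldate      = {2022-07-25},
  keywords     = {Agent Tesla},
}
Cyberattack on State Organizations of Ukraine using the topic OK "South" and the malicious program AgentTesla (CERT-UA#4987)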
Agent Tesla
2022-05-11 | NTT Security Holdings | NTT Security Holdings
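% Analysis of a PowGoop variant and its control servers; keywords mirror the family tag listed for this reference.
% The corporate author is double-braced so it is treated as one name; the citation key is kept as published.
@online{holdings:20220511:analysis:646c94e,
  author       = {{NTT Security Holdings}},
  title        = {Analysis of an {Iranian} {APTs} “{E400}” {PowGoop} Variant Reveals Dozens of Control Servers Dating Back to 2020},
  date         = {2022-05-11},
  organization = {NTT Security Holdings},
  url          = {https://www.security.ntt/blog/analysis-of-an-iranian-apts-e400-powgoop-variant},
  language     = {English},
  urldate      = {2022-05-25},
  keywords     = {PowGoop},
}
Analysis of an Iranian APTs “E400” PowGoop Variant Reveals Dozens of Control Servers Dating Back to 2020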
PowGoop
2022-05-11 | NTT | Ryu Hiyoshi
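% Operation RestyLink campaign against Japanese companies; keywords mirror the family tag listed for this reference.
@online{hiyoshi:20220511:operation:b5a845d,
  author       = {Hiyoshi, Ryu},
  title        = {Operation {RestyLink}: Targeted attack campaign targeting {Japanese} companies},
  date         = {2022-05-11},
  organization = {NTT},
  url          = {https://insight-jp.nttsecurity.com/post/102ho8o/operation-restylink},
  language     = {Japanese},
  urldate      = {2022-05-11},
  keywords     = {Cobalt Strike},
}
Operation RestyLink: Targeted attack campaign targeting Japanese companies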
Cobalt Strike
2022-03-26 | forensicitguy | Tony Lambert
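% Agent Tesla sample delivered with VBA macros and certutil; keywords mirror the family tag listed for this reference.
@online{lambert:20220326:agenttesla:edea93d,
  author       = {Lambert, Tony},
  title        = {An {AgentTesla} Sample Using {VBA} Macros and {Certutil}},
  date         = {2022-03-26},
  organization = {forensicitguy},
  url          = {https://forensicitguy.github.io/agenttesla-vba-certutil-download/},
  language     = {English},
  urldate      = {2022-03-28},
  keywords     = {Agent Tesla},
}
An AgentTesla Sample Using VBA Macros and Certutil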
Agent Tesla
2022-02-06 | forensicitguy | Tony Lambert
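% Agent Tesla delivery from RTF exploitation through .NET stages; keywords mirror the family tag listed for this reference.
@online{lambert:20220206:agenttesla:6d362f7,
  author       = {Lambert, Tony},
  title        = {{AgentTesla} From {RTF} Exploitation to {.NET} Tradecraft},
  date         = {2022-02-06},
  organization = {forensicitguy},
  url          = {https://forensicitguy.github.io/agenttesla-rtf-dotnet-tradecraft/},
  language     = {English},
  urldate      = {2022-02-07},
  keywords     = {Agent Tesla},
}
AgentTesla From RTF Exploitation to .NET Tradecraft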
Agent Tesla
2021-12-28 | NTT | Hiroki Hada
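% Flagpro malware attributed to BlackTech; keywords mirror the family tag listed for this reference.
@online{hada:20211228:flagpro:1263fb7,
  author       = {Hada, Hiroki},
  title        = {{Flagpro}: The new malware used by {BlackTech}},
  date         = {2021-12-28},
  organization = {NTT},
  url          = {https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech},
  language     = {English},
  urldate      = {2021-12-31},
  keywords     = {Flagpro},
}
Flagpro: The new malware used by BlackTech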
Flagpro
2021-12-08 | YouTube ( DuMp-GuY TrIcKsTeR) | Jiří Vinopal
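% Video walkthrough of an Agent Tesla analysis workflow; keywords mirror the family tag listed for this reference.
@online{vinopal:20211208:full:4bf6148,
  author       = {Vinopal, Jiří},
  title        = {Full malware analysis Work-Flow of {AgentTesla} Malware},
  date         = {2021-12-08},
  organization = {YouTube ( DuMp-GuY TrIcKsTeR)},
  url          = {https://youtu.be/QQuRp7Qiuzg},
  language     = {English},
  urldate      = {2021-12-08},
  keywords     = {Agent Tesla},
}
Full malware analysis Work-Flow of AgentTesla Malware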
Agent Tesla
2021-12-02 | AhnLab | ASEC Analysis Team
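% Agent Tesla distribution through malicious PPT files; keywords mirror the family tag listed for this reference.
% The team author is double-braced so it is treated as one name; the citation key is kept as published.
@online{team:20211202:spreading:82866e8,
  author       = {{ASEC Analysis Team}},
  title        = {Spreading {AgentTesla} through more sophisticated malicious {PPT}},
  date         = {2021-12-02},
  organization = {AhnLab},
  url          = {https://asec.ahnlab.com/ko/29133/},
  language     = {Korean},
  urldate      = {2021-12-07},
  keywords     = {Agent Tesla},
}
Spreading AgentTesla through more sophisticated malicious PPT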
Agent Tesla
2021-11-22 | YouTube ( DuMp-GuY TrIcKsTeR) | Jiří Vinopal
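% Part 1 of a .NET reversing video on Agent Tesla; keywords mirror the family tag listed for this reference.
@online{vinopal:20211122:powershell:37baf25,
  author       = {Vinopal, Jiří},
  title        = {{Powershell} and {DnSpy} tricks in {.NET} reversing – {AgentTesla} {[Part1]}},
  date         = {2021-11-22},
  organization = {YouTube ( DuMp-GuY TrIcKsTeR)},
  url          = {https://youtu.be/hxaeWyK8gMI},
  language     = {English},
  urldate      = {2021-11-26},
  keywords     = {Agent Tesla},
}
Powershell and DnSpy tricks in .NET reversing – AgentTesla [Part1]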
Agent Tesla
2021-11-22 | YouTube ( DuMp-GuY TrIcKsTeR) | Jiří Vinopal
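% Part 2 of a .NET reversing video on Agent Tesla; keywords mirror the family tag listed for this reference.
@online{vinopal:20211122:powershell:b15c355,
  author       = {Vinopal, Jiří},
  title        = {{Powershell} and {DnSpy} tricks in {.NET} reversing – {AgentTesla} {[Part2]}},
  date         = {2021-11-22},
  organization = {YouTube ( DuMp-GuY TrIcKsTeR)},
  url          = {https://youtu.be/BM38OshcozE},
  language     = {English},
  urldate      = {2021-11-26},
  keywords     = {Agent Tesla},
}
Powershell and DnSpy tricks in .NET reversing – AgentTesla [Part2]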
Agent Tesla
2021-11-12 | Living Code | Dominik Degroot
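% Agent Tesla dropped by an NSIS installer; keywords mirror the family tag listed for this reference.
@online{degroot:20211112:agenttesla:d69002b,
  author       = {Degroot, Dominik},
  title        = {{AgentTesla} dropped via {NSIS} installer},
  date         = {2021-11-12},
  organization = {Living Code},
  url          = {http://l1v1ngc0d3.wordpress.com/2021/11/12/agenttesla-dropped-via-nsis-installer/},
  language     = {English},
  urldate      = {2021-11-17},
  keywords     = {Agent Tesla},
}
AgentTesla dropped via NSIS installer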
Agent Tesla
2021-10-19 | NTT | Threat Detection Team Security division of NTT
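% APT29 layered infrastructure write-up; keywords mirror the family tag listed for this reference.
% The team author is double-braced: unbraced, the lowercase "division of" would be parsed as a name particle.
@online{ntt:20211019:layered:92e34d1,
  author       = {{Threat Detection Team Security division of NTT}},
  title        = {The layered infrastructure operated by {APT29}},
  date         = {2021-10-19},
  organization = {NTT},
  url          = {https://services.global.ntt/en-us/insights/blog/the-layered-infrastructure-operated-by-apt29},
  language     = {English},
  urldate      = {2021-12-31},
  keywords     = {elf.wellmess},
}
The layered infrastructure operated by APT29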
elf.wellmess
2021-10-13 | Anchored Narratives on Threat Intelligence and Geopolitics | RJM
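% Tracking of the TransparentTribe threat actor; keywords mirror the family tag listed for this reference.
@online{rjm:20211013:trouble:c988e46,
  author       = {RJM},
  title        = {Trouble in {Asia} and the {Middle East}. Tracking the {TransparentTribe} threat actor.},
  date         = {2021-10-13},
  organization = {Anchored Narratives on Threat Intelligence and Geopolitics},
  url          = {https://anchorednarratives.substack.com/p/trouble-in-asia-and-the-middle-east},
  language     = {English},
  urldate      = {2021-10-14},
  keywords     = {Crimson RAT},
}
Trouble in Asia and the Middle East. Tracking the TransparentTribe threat actor.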
Crimson RAT
2021-10-08 | NTT | Hiroki Hada, Rintaro Koike, Fumio Ozawa
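% Flagpro malware used by the BlackTech group; keywords mirror the family tag listed for this reference.
@online{hada:20211008:malware:bfcbd46,
  author       = {Hada, Hiroki and Koike, Rintaro and Ozawa, Fumio},
  title        = {Malware {Flagpro} used by targeted attack group {BlackTech}},
  date         = {2021-10-08},
  organization = {NTT},
  url          = {https://insight-jp.nttsecurity.com/post/102h7vx/blacktechflagpro},
  language     = {Japanese},
  urldate      = {2021-10-24},
  keywords     = {Flagpro},
}
Malware Flagpro used by targeted attack group BlackTech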
Flagpro
2021-06-18 | YouTube (jnpc) | Yuu Arai, Twitter (@yarai1978)
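% Recorded talk on cyber security by an NTT DATA security analyst.
% The second author value is an account handle as published; it is braced so it stays one literal name.
% Zero-width characters inside the title were removed.
@online{arai:20210618:cyber:efd5b54,
  author       = {Arai, Yuu and {Twitter (@yarai1978)}},
  title        = {``Cyber Security'' {Yu Arai}, {NTT DATA} Executive Security Analyst},
  date         = {2021-06-18},
  organization = {YouTube (jnpc)},
  url          = {https://www.youtube.com/watch?v=2GRhJgF49vA&ab_channel=jnpc},
  language     = {Japanese},
  urldate      = {2021-06-22},
}
"Cyber Security" Yu Arai, NTT DATA Executive Security Analyst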