Куда я попал?
SECURITM это SGRC система, ? автоматизирующая процессы в службах информационной безопасности. SECURITM помогает построить и управлять ИСПДн, КИИ, ГИС, СМИБ/СУИБ, банковскими системами защиты.
А еще SECURITM это место для обмена опытом и наработками для служб безопасности.

Agent Tesla

Agent Tesla is a spyware Trojan written for the .NET framework that has been observed since at least 2014.(Citation: Fortinet Agent Tesla April 2018)(Citation: Bitdefender Agent Tesla April 2020)(Citation: Malwarebytes Agent Tesla April 2020)
ID: S0331
Type: MALWARE
Platforms: Windows
Version: 1.3
Created: 29 Jan 2019
Last Modified: 11 Sep 2023

Techniques Used

Domain ID Name Use
Enterprise T1087 .001 Account Discovery: Local Account

Agent Tesla can collect account information from the victim’s machine.(Citation: DigiTrust Agent Tesla Jan 2017)

Enterprise T1071 .001 Application Layer Protocol: Web Protocols

Agent Tesla has used HTTP for C2 communications.(Citation: DigiTrust Agent Tesla Jan 2017)(Citation: Fortinet Agent Tesla June 2017)

.003 Application Layer Protocol: Mail Protocols

Agent Tesla has used SMTP for C2 communications.(Citation: Cofense Agent Tesla)(Citation: Fortinet Agent Tesla June 2017)(Citation: Bitdefender Agent Tesla April 2020)

Enterprise T1547 .001 Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder

Agent Tesla can add itself to the Registry as a startup program to establish persistence.(Citation: Fortinet Agent Tesla April 2018)(Citation: SentinelLabs Agent Tesla Aug 2020)

Enterprise T1555 .003 Credentials from Password Stores: Credentials from Web Browsers

Agent Tesla can gather credentials from a number of browsers.(Citation: Bitdefender Agent Tesla April 2020)

Enterprise T1048 .003 Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted Non-C2 Protocol

Agent Tesla has routines for exfiltration over SMTP, FTP, and HTTP.(Citation: Talos Agent Tesla Oct 2018)(Citation: Bitdefender Agent Tesla April 2020)(Citation: SentinelLabs Agent Tesla Aug 2020)

Enterprise T1564 .001 Hide Artifacts: Hidden Files and Directories

Agent Tesla has created hidden folders.(Citation: SentinelLabs Agent Tesla Aug 2020)

.003 Hide Artifacts: Hidden Window

Agent Tesla has used ProcessWindowStyle.Hidden to hide windows.(Citation: Malwarebytes Agent Tesla April 2020)

Enterprise T1562 .001 Impair Defenses: Disable or Modify Tools

Agent Tesla has the capability to kill any running analysis processes and AV software.(Citation: Fortinet Agent Tesla June 2017)

Enterprise T1056 .001 Input Capture: Keylogging

Agent Tesla can log keystrokes on the victim’s machine.(Citation: Talos Agent Tesla Oct 2018)(Citation: DigiTrust Agent Tesla Jan 2017)(Citation: Fortinet Agent Tesla June 2017)(Citation: Bitdefender Agent Tesla April 2020)(Citation: SentinelLabs Agent Tesla Aug 2020)

Enterprise T1566 .001 Phishing: Spearphishing Attachment

The primary delivered mechanism for Agent Tesla is through email phishing messages.(Citation: Bitdefender Agent Tesla April 2020)

Enterprise T1055 .012 Process Injection: Process Hollowing

Agent Tesla has used process hollowing to create and manipulate processes through sections of unmapped memory by reallocating that space with its malicious code.(Citation: SentinelLabs Agent Tesla Aug 2020)

Enterprise T1053 .005 Scheduled Task/Job: Scheduled Task

Agent Tesla has achieved persistence via scheduled tasks.(Citation: SentinelLabs Agent Tesla Aug 2020)

Enterprise T1218 .009 System Binary Proxy Execution: Regsvcs/Regasm

Agent Tesla has dropped RegAsm.exe onto systems for performing malicious activity.(Citation: SentinelLabs Agent Tesla Aug 2020)

Enterprise T1016 .002 System Network Configuration Discovery: Wi-Fi Discovery

Agent Tesla can collect names and passwords of all Wi-Fi networks to which a device has previously connected.(Citation: Malwarebytes Agent Tesla April 2020)

Enterprise T1552 .001 Unsecured Credentials: Credentials In Files

Agent Tesla has the ability to extract credentials from configuration or support files.(Citation: SentinelLabs Agent Tesla Aug 2020)

.002 Unsecured Credentials: Credentials in Registry

Agent Tesla has the ability to extract credentials from the Registry.(Citation: SentinelLabs Agent Tesla Aug 2020)

Enterprise T1204 .002 User Execution: Malicious File

Agent Tesla has been executed through malicious e-mail attachments (Citation: Bitdefender Agent Tesla April 2020)

Groups That Use This Software

ID Name References
G0083 SilverTerrier

(Citation: Unit42 SilverTerrier 2018)

G1018 TA2541

(Citation: Proofpoint TA2541 February 2022)

Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.