Agent Tesla
· Published 21/12/2025 07:11 · Modified 21/12/2025 07:11
· Source: AlienVault
Essential information
- Confidence: 100/100
- Published: 21/12/2025 07:11
- Modified: 21/12/2025 07:11
- Updated at: 21/12/2025 07:11
- Revoked: No
- Author / Source: AlienVault
- Resource level: —
- Primary motivation: —
- Related entities: 2 reports, 18 attack patterns (MITRE), 1 malware, 13 indicators
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (2)
- 9 MITREs, 4 Observables, 1 APT · Published 25/02/2026 20:01 · Modified 25/02/2026 20:56
- 11 MITREs, 1 Malware, 9 Observables, 1 APT · Published 18/09/2024 08:32 · Modified 18/09/2024 09:00
Attack patterns (MITRE) (18)
- T1219 uses Remote Access Tools
- T1113 uses Screen Capture
- T1555.003 uses Credentials from Web Browsers
- T1059.007 uses JavaScript
- T1027 uses Obfuscated Files or Information
- T1005 uses Data from Local System
- T1566.002 uses Spearphishing Link
- T1071.001 uses Web Protocols
- T1059.001 uses PowerShell
- T1566.001 uses Spearphishing Attachment
- T1204.001 uses Malicious Link
- T1497.001 uses System Checks
- T1539 uses Steal Web Session Cookie
- T1055.012 uses Process Hollowing
- T1056 uses Input Capture
- T1071.003 uses Mail Protocols
- T1555 uses Credentials from Password Stores
- T1048.003 uses Exfiltration Over Unencrypted Non-C2 Protocol
Malware (1)
- Agent Tesla (S0331) uses Family · Published 15/05/2026 15:23 · Modified 15/05/2026 15:23
Indicators (13)
Each indicator below is linked to this intrusion set by an "indicates" relationship.
- http://198.46.174.139/42/winiti.exe
- cc2b26bbcbaa2d0593e15a45734fe3fd940451fc7290d49bc841c496b906a9c1
- 83f9c6a3978d926f2c0155e22008c1bce6510b321031598509a2937add2d5a54
- http://198.46.174.139/71/winiti.exe
- http://198.46.174.139/66077/winiti.exe
- mail.taikei-rmc-co.biz
- b133d75de5010c3a5005606a8e682a08c413364a3921dfbdfbfdde811a866e88
- http://nw.ax/8Kx
- 30713c4bfc813848b3ec28eb227d2e439be0e07c77237498553fd5dfa745f278
- http://198.46.174.139/xampp/ezm/ez/somethinggreatwithmeentiretimegetmebackthingsgreatgoinggreatthignseverwewhichamazingthings___________reallygreatthingseverhappened.doc
- https://198.46.174.139/xampp/uhb/uh/wethkingwearereallyamazingtogetmebackwithnewthingstounderstandbetterthingsforyou___________________sheisgreattounderstandwearego.doc
- http://198.46.174.139/55/winiti.exe
- https://198.46.174.139/55/winiti.exe