New Agent Tesla Campaign Targeting Spanish-Speaking People

· Published 10/06/2024 11:24 · Modified 10/06/2024 11:31

Essential information

Tags
2024-06-10 CVE-2017-0199 CVE-2017-11882 agent-tesla infostealer malware obfuscation phishing spain
Related entities
2 vulnerabilities (cve), 6 observables, 14 techniques (mitre), 1 malware

Description

This report analyzes a campaign spreading a new Agent Tesla variant designed to infiltrate victims' computers and steal sensitive information such as credentials, email contacts, and system details. It leverages techniques like exploiting Microsoft Office vulnerabilities, executing JavaScript and PowerShell code, process hollowing, and to evade detection. The variant targets over 80 software applications to harvest credentials and collects email contacts from Thunderbird. Stolen data is exfiltrated via FTP. Fortinet's security services provide protection against this campaign.

External references