Description
[Agent Tesla](https://attack.mitre.org/software/S0331) is a spyware Trojan written for the .NET framework that has been observed since at least 2014.(Citation: Fortinet Agent Tesla April 2018)(Citation: Bitdefender Agent Tesla April 2020)(Citation: Malwarebytes Agent Tesla April 2020)
External References
Techniques Used by This Malware
- T1016 — System Network Configuration Discovery
- T1016.002 — Wi-Fi Discovery
- T1027 — Obfuscated Files or Information
- T1033 — System Owner/User Discovery
- T1047 — Windows Management Instrumentation
- T1048.003 — Exfiltration Over Unencrypted Non-C2 Protocol
- T1053.005 — Scheduled Task
- T1055 — Process Injection
- T1055.012 — Process Hollowing
- T1056.001 — Keylogging
- T1057 — Process Discovery
- T1071.001 — Web Protocols
- T1071.003 — Mail Protocols
- T1082 — System Information Discovery
- T1087.001 — Local Account
- T1105 — Ingress Tool Transfer
- T1112 — Modify Registry
- T1113 — Screen Capture
- T1115 — Clipboard Data
- T1124 — System Time Discovery
- T1125 — Video Capture
- T1140 — Deobfuscate/Decode Files or Information
- T1185 — Browser Session Hijacking
- T1203 — Exploitation for Client Execution
- T1204.002 — Malicious File
- T1218.009 — Regsvcs/Regasm
- T1497 — Virtualization/Sandbox Evasion
- T1547.001 — Registry Run Keys / Startup Folder
- T1552.001 — Credentials In Files
- T1552.002 — Credentials in Registry
- T1555 — Credentials from Password Stores
- T1555.003 — Credentials from Web Browsers
- T1560 — Archive Collected Data
- T1562.001 — Disable or Modify Tools
- T1564.001 — Hidden Files and Directories
- T1564.003 — Hidden Window
- T1566.001 — Spearphishing Attachment