In recent years, the AgentTesla information-stealing Trojan has remained active, and Antiy CERT has repeatedly observed attacks delivering it to domestic government and enterprise institutions and to colleges and universities. Since February this year, Antiy CERT has detected a new round of phishing activity that uses GuLoader to deliver the AgentTesla Trojan. The attackers sent phishing emails with product-quotation subject lines to companies in the manufacturing, energy, and Internet sectors across many European and Asian countries, and Antiy CERT also identified an attack against a domestic company.
TAGS: fileless attacks, VBS script
INDUSTRIES: Government, Education, Manufacturing, Energy
MALWARE FAMILIES: GuLoader - S0561, Agent Tesla
ATT&CK IDS: TA0042 - Resource Development, T1566 - Phishing, T1204 - User Execution, T1001 - Data Obfuscation, T1112 - Modify Registry, T1055 - Process Injection, T1498.002 - Reflection Amplification, T1003 - OS Credential Dumping, T1087 - Account Discovery, T1018 - Remote System Discovery, T1022 - Data Encrypted, T1113 - Screen Capture, T1020 - Automated Exfiltration