OriginLogger: A Look at Agent Tesla’s Successor

On March 4, 2019, one of the most well-known keyloggers used by criminals, called Agent Tesla, closed up shop due to legal troubles. In the announcement message posted on the Agent Tesla Discord server, the keylogger’s developers suggested people switch over to a new keylogger. OriginLogger is a variant of Agent Tesla. As such, the majority of tools and detections for Agent Tesla will still trigger on OriginLogger samples.

MALWARE FAMILIES: Agent Tesla, OriginLogger

ATT&CK IDS: T1056 - Input Capture, T1134 - Access Token Manipulation, T1113 - Screen Capture, T1105 - Ingress Tool Transfer, T1033 - System Owner/User Discovery, T1218 - Signed Binary Proxy Execution, T1071 - Application Layer Protocol, T1095 - Non-Application Layer Protocol, T1140 - Deobfuscate/Decode Files or Information, T1059 - Command and Scripting Interpreter, T1027 - Obfuscated Files or Information, T1021 - Remote Services, T1566 - Phishing, T1583.005 - Botnet
