Agent Tesla
What is Agent Tesla?
Agent Tesla
A .NET-based remote access trojan and information stealer active since 2014, sold openly as a commercial product and distributed primarily through phishing emails carrying malicious Office documents and archive attachments.
Agent Tesla is a .NET-based info-stealer and remote-access trojan that has been continuously active since 2014, sold openly as a 'monitoring' product on its own clearnet site and through reseller channels. It exists in dozens of slightly different versions because affiliates routinely repack the binary. Capabilities include keystroke logging, clipboard capture, screenshot capture, webcam access, theft of browser passwords and cookies, mail client credentials (Outlook, Thunderbird, FoxMail), VPN client credentials, FTP credentials, and exfiltration over SMTP, FTP, HTTP, or Telegram bots. The dominant infection vector is phishing email: lure documents embed Equation Editor (CVE-2017-11882, CVE-2018-0802) exploits or contain malicious archive attachments delivering a loader stage. Agent Tesla is one of the longest-running commodity stealers and routinely tops monthly malware ranking reports from anti-spam vendors, especially in business-email-compromise-adjacent campaigns. Defenses include disabling Office Equation Editor, attachment-detonation sandboxes, and EDR detections on the common loader behaviors (process hollowing into RegSvcs.exe, AspNetCompiler.exe).
● Examples
- 01
A phishing email with subject 'PURCHASE ORDER' delivers a .iso containing an Agent Tesla loader that exfiltrates Outlook stored credentials via SMTP.
- 02
An EDR rule alerts on RegSvcs.exe making outbound SMTP connections to a non-corporate mail server — a near-pathognomonic Agent Tesla pattern.
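As an added example that is not part of this glossary entry, the following Python script implements the kind of EDR check described in example 02 and in the defenses sentence above: it scans endpoint network-connection events and flags the loader's known process-hollowing targets (RegSvcs.exe, AspNetCompiler.exe) making outbound SMTP or FTP connections to hosts outside a corporate allowlist. The JSON event format, the allowlist hosts and the sample events are constructed for this example, and including aspnet_compiler.exe as the on-disk name of the .NET compiler is an assumption.

```python
"""Flag Agent Tesla-style exfiltration from hollowed .NET utility processes.

Added example: scans constructed EDR network-connection events and alerts when a
process that Agent Tesla loaders commonly hollow into opens an outbound SMTP or
FTP connection to a host that is not a known corporate mail/FTP server.
"""
import json
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Hollowing targets named on the page; "aspnet_compiler.exe" is added as an
# assumption because that is the on-disk name of the .NET compiler binary.
HOLLOWING_TARGETS = {"regsvcs.exe", "aspnetcompiler.exe", "aspnet_compiler.exe"}

# Ports for two of the exfiltration channels the page lists (SMTP relay and
# submission ports, FTP control port).
SMTP_PORTS = {25, 465, 587}
FTP_PORTS = {21}

# Hypothetical corporate servers; a real deployment would load these from config.
CORPORATE_HOSTS = {"mail.corp.example", "ftp.corp.example"}


@dataclass(frozen=True)
class Alert:
    host: str      # endpoint that produced the event
    process: str   # lower-cased image basename
    dest: str      # destination host or IP
    port: int
    channel: str   # "smtp" or "ftp"


def process_basename(image_path: str) -> str:
    """Return the lower-cased file name from a Windows or POSIX image path."""
    return image_path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def classify(event: dict) -> Optional[Alert]:
    """Return an Alert if this outbound connection matches the stealer pattern."""
    proc = process_basename(event["image"])
    if proc not in HOLLOWING_TARGETS:
        return None
    port = int(event["dest_port"])
    if port in SMTP_PORTS:
        channel = "smtp"
    elif port in FTP_PORTS:
        channel = "ftp"
    else:
        return None  # other ports are out of scope for this rule
    dest = event["dest_host"].lower()
    if dest in CORPORATE_HOSTS:
        return None  # known corporate server, not the "non-corporate" pattern
    return Alert(event["host"], proc, dest, port, channel)


def scan(lines: Iterable[str]) -> List[Alert]:
    """Parse one JSON event per line and collect alerts for outbound connections."""
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        if event.get("event") != "network_connect" or event.get("direction") != "outbound":
            continue
        alert = classify(event)
        if alert is not None:
            alerts.append(alert)
    return alerts


# Constructed sample events (not real telemetry). Raw string so the JSON
# backslash escapes in Windows paths survive as written.
SAMPLE_EVENTS = r"""
{"event": "network_connect", "direction": "outbound", "host": "WS-0142", "image": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", "dest_host": "mail.relay-host.example", "dest_port": 587}
{"event": "network_connect", "direction": "outbound", "host": "WS-0142", "image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE", "dest_host": "mail.corp.example", "dest_port": 587}
{"event": "network_connect", "direction": "outbound", "host": "WS-0077", "image": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", "dest_host": "mail.corp.example", "dest_port": 25}
{"event": "network_connect", "direction": "outbound", "host": "WS-0077", "image": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AspNetCompiler.exe", "dest_host": "203.0.113.7", "dest_port": 21}
{"event": "network_connect", "direction": "outbound", "host": "WS-0077", "image": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", "dest_host": "198.51.100.5", "dest_port": 443}
"""


if __name__ == "__main__":
    for a in scan(SAMPLE_EVENTS.splitlines()):
        print(f"[{a.channel.upper()}] {a.host}: {a.process} -> {a.dest}:{a.port}")
```

The rule keys on the process identity rather than on the payload, so it survives the routine repacking of the Agent Tesla binary mentioned above; the allowlist exception is what separates the "non-corporate mail server" pattern from legitimate relay traffic, and it is the part most worth tuning per environment.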
● Frequently asked questions
What is Agent Tesla?
A .NET-based remote access trojan and information stealer active since 2014, sold openly as a commercial product and distributed primarily through phishing emails carrying malicious Office documents and archive attachments. It belongs to the malware category of cybersecurity.
What does Agent Tesla mean?
A .NET-based remote access trojan and information stealer active since 2014, sold openly as a commercial product and distributed primarily through phishing emails carrying malicious Office documents and archive attachments.
How does Agent Tesla work?
Agent Tesla is a .NET-based info-stealer and remote-access trojan that has been continuously active since 2014, sold openly as a 'monitoring' product on its own clearnet site and through reseller channels. It exists in dozens of slightly different versions because affiliates routinely repack the binary. Capabilities include keystroke logging, clipboard capture, screenshot capture, webcam access, theft of browser passwords and cookies, mail client credentials (Outlook, Thunderbird, FoxMail), VPN client credentials, FTP credentials, and exfiltration over SMTP, FTP, HTTP, or Telegram bots. The dominant infection vector is phishing email: lure documents embed Equation Editor (CVE-2017-11882, CVE-2018-0802) exploits or contain malicious archive attachments delivering a loader stage. Agent Tesla is one of the longest-running commodity stealers and routinely tops monthly malware ranking reports from anti-spam vendors, especially in business-email-compromise-adjacent campaigns. Defenses include disabling Office Equation Editor, attachment-detonation sandboxes, and EDR detections on the common loader behaviors (process hollowing into RegSvcs.exe, AspNetCompiler.exe).
How do you defend against Agent Tesla?
Defense against Agent Tesla usually combines technical controls and operational practices, as described in the definition above: disabling Office Equation Editor, detonating attachments in a sandbox, and EDR detections on the common loader behaviors (process hollowing into RegSvcs.exe, AspNetCompiler.exe).
What are other names for Agent Tesla?
Common aliases: AgentTesla, OriginLogger (rebrand).
● Related terms
- malware № 591
Infostealer
Malware that collects sensitive data such as credentials, cookies, tokens and cryptocurrency wallets from an infected endpoint and exfiltrates it to the attacker.
- malware № 254
Credential-stealing malware
Malware specialized in extracting passwords, hashes and authentication tokens from an infected system or its memory.
- malware № 660
Keylogger
Software or hardware that records a user's keystrokes; used to steal passwords, financial data, messages and the like.
- malware № 1023
Remote access trojan (RAT)
Malware that lets an attacker covertly and interactively control an infected endpoint, much like a hidden remote-administration tool.
- attacks № 1191
Spear phishing
A targeted phishing attack crafted for a specific individual or organization, based on personal or business information gathered in advance.
- attacks № 152
Business email compromise
A targeted fraud in which the attacker spoofs or takes over a corporate mailbox to induce employees to transfer funds, change payment details or send confidential information.