Agent Tesla
What is Agent Tesla?
Agent Tesla: A .NET-based remote access trojan and information stealer, active since 2014, sold openly as a commercial product and distributed mainly through phishing emails carrying malicious Office documents and archive attachments.
Agent Tesla is a .NET-based information stealer and remote access trojan that has been continuously active since 2014. It has been sold openly as a 'monitoring' product through its own clearnet site and reseller channels, and it circulates in dozens of slightly different builds because affiliates routinely repack and re-obfuscate the binary. Capabilities include keystroke logging, clipboard capture, screenshot capture, webcam access, and theft of browser passwords and cookies, mail client credentials (Outlook, Thunderbird, FoxMail), VPN client credentials and FTP credentials, with exfiltration over SMTP, FTP, HTTP or Telegram bots. The dominant infection vector is phishing email: lure documents exploit the legacy Office Equation Editor (CVE-2017-11882, CVE-2018-0802), or archive attachments (.iso, .zip, .rar and similar) carry a loader stage that decodes the payload and injects it into a legitimate .NET framework binary by process hollowing. Agent Tesla is one of the longest-running commodity stealers and routinely tops the monthly malware rankings published by anti-spam and mail gateway vendors, especially in campaigns adjacent to business email compromise. Defenses include removing or disabling the Office Equation Editor, detonating attachments in a sandbox, and EDR detections on the loader's common behaviors, above all process hollowing into RegSvcs.exe, RegAsm.exe, AspNetCompiler.exe and similar .NET utilities, and those hollowed hosts opening outbound SMTP or FTP connections.
● Examples
- 01
A phishing email with the subject 'PURCHASE ORDER' delivers an .iso containing an Agent Tesla loader that exfiltrates the credentials stored by Outlook via SMTP.
- 02
An EDR rule alerts on RegSvcs.exe (the .NET Services Installation Tool, which has no legitimate reason to talk to a mail server) making outbound SMTP connections to a non-corporate mail server, a near-pathognomonic Agent Tesla pattern.
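The two loader behaviors named above, an Office process spawning a .NET utility that gets hollowed and that utility then opening an SMTP/FTP/Telegram connection, can be expressed as detection logic over endpoint telemetry. The following is an added example written for this page, not code from the page, from any EDR vendor, or from Agent Tesla itself. It evaluates Sysmon-style event dicts (Event ID 1 process creation, Event ID 3 network connection); the sample events, the hostnames and IP addresses, and the corporate relay range 10.0.5.0/24 are constructed for illustration. It goes slightly beyond the page's two binaries by also covering RegAsm.exe, MSBuild.exe and InstallUtil.exe, which the same loader family uses as hollowing hosts.

```python
"""Detection logic for the Agent Tesla loader chain described on this page:
an Office / Equation Editor process spawning a .NET framework utility that
the loader hollows, followed by that utility opening an outbound SMTP, FTP
or Telegram connection to exfiltrate stolen credentials.

Added example, not code from this page or from any vendor. Input is a list
of Sysmon-style event dicts; SAMPLE_EVENTS below are constructed, not real.
"""
from __future__ import annotations

import ipaddress
from typing import Iterable, Optional

# .NET framework binaries that Agent Tesla loaders routinely hollow.
# aspnet_compiler.exe is the on-disk name of AspNetCompiler.
HOLLOW_HOSTS = {"regsvcs.exe", "regasm.exe", "aspnet_compiler.exe",
                "msbuild.exe", "installutil.exe"}
# Office applications plus the legacy Equation Editor binary (EQNEDT32.EXE)
# abused by CVE-2017-11882 / CVE-2018-0802 lure documents.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe",
                  "outlook.exe", "eqnedt32.exe"}
EXFIL_PORTS = {25: "smtp", 465: "smtps", 587: "submission", 21: "ftp"}
EXFIL_HOSTS = {"api.telegram.org"}
# Hypothetical corporate mail relay range (an assumption for this example).
CORPORATE_RELAYS = [ipaddress.ip_network("10.0.5.0/24")]


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def _is_corporate_relay(ip: str) -> bool:
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in CORPORATE_RELAYS)


def check_process_create(ev: dict) -> Optional[dict]:
    """EID 1: an Office / Equation Editor parent spawning a hollowing host."""
    child, parent = _basename(ev["Image"]), _basename(ev["ParentImage"])
    if child in HOLLOW_HOSTS and parent in OFFICE_PARENTS:
        return {"rule": "office_spawns_dotnet_host", "severity": "high",
                "pid": ev["ProcessId"], "detail": f"{parent} -> {child}"}
    return None


def check_network(ev: dict) -> Optional[dict]:
    """EID 3: a hollowing host talking SMTP/FTP or to the Telegram bot API."""
    image = _basename(ev["Image"])
    if image not in HOLLOW_HOSTS:
        return None
    port = int(ev["DestinationPort"])
    host = ev.get("DestinationHostname", "").lower()
    dest = f"{image} -> {host or ev['DestinationIp']}:{port}"
    if host in EXFIL_HOSTS:
        return {"rule": "dotnet_host_telegram_exfil", "severity": "high",
                "pid": ev["ProcessId"], "detail": dest}
    if port in EXFIL_PORTS:
        # These binaries never legitimately speak SMTP/FTP. A non-corporate
        # destination is the textbook Agent Tesla pattern; the corporate relay
        # still deserves a look but is scored lower.
        sev = "medium" if _is_corporate_relay(ev["DestinationIp"]) else "high"
        return {"rule": f"dotnet_host_{EXFIL_PORTS[port]}_exfil",
                "severity": sev, "pid": ev["ProcessId"], "detail": dest}
    return None


def evaluate(events: Iterable[dict]) -> list[dict]:
    """Run both rules over an event stream and return the alerts raised."""
    alerts = []
    for ev in events:
        hit = None
        if ev["EventID"] == 1:
            hit = check_process_create(ev)
        elif ev["EventID"] == 3:
            hit = check_network(ev)
        if hit:
            alerts.append(hit)
    return alerts


NET = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319"
OFFICE = r"C:\Program Files\Microsoft Office\root\Office16"
# Constructed events: a benign Word launch, the malicious chain
# (Word -> RegSvcs.exe -> SMTP submission to a non-corporate host), Outlook
# using the relay, a Telegram exfil from aspnet_compiler.exe, and MSBuild.exe
# speaking SMTP to the corporate relay.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 3008, "Image": OFFICE + r"\WINWORD.EXE",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 1, "ProcessId": 4120, "Image": NET + r"\RegSvcs.exe",
     "ParentImage": OFFICE + r"\WINWORD.EXE"},
    {"EventID": 3, "ProcessId": 4120, "Image": NET + r"\RegSvcs.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": 587,
     "DestinationHostname": "mail.example.net"},
    {"EventID": 3, "ProcessId": 3100, "Image": OFFICE + r"\OUTLOOK.EXE",
     "DestinationIp": "10.0.5.20", "DestinationPort": 587,
     "DestinationHostname": "relay.corp.example"},
    {"EventID": 3, "ProcessId": 5210, "Image": NET + r"\aspnet_compiler.exe",
     "DestinationIp": "192.0.2.44", "DestinationPort": 443,
     "DestinationHostname": "api.telegram.org"},
    {"EventID": 3, "ProcessId": 6001, "Image": NET + r"\MSBuild.exe",
     "DestinationIp": "10.0.5.20", "DestinationPort": 25,
     "DestinationHostname": ""},
]

if __name__ == "__main__":
    for alert in evaluate(SAMPLE_EVENTS):
        print(alert)
```

Running the block against the constructed events raises four alerts: the Word-to-RegSvcs.exe spawn, the RegSvcs.exe submission-port connection (high), the Telegram API connection from aspnet_compiler.exe (high), and the MSBuild.exe SMTP connection to the relay (medium). The Outlook connection and the benign Word launch produce nothing. In production the process-creation rule is the higher-fidelity one because it fires before any data leaves the host; the network rule catches loaders that arrived by a path other than an Office document.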
● Frequently asked questions
What is Agent Tesla?
A .NET-based remote access trojan and information stealer active since 2014, sold openly as a commercial product and distributed primarily through phishing emails carrying malicious Office documents and archive attachments. It belongs to the malware category of cybersecurity.
What does Agent Tesla mean?
A .NET-based remote access trojan and information stealer active since 2014, sold openly as a commercial product and distributed primarily through phishing emails carrying malicious Office documents and archive attachments.
How does Agent Tesla work?
Agent Tesla almost always arrives by phishing email. The lure is either an Office document that exploits the legacy Equation Editor (CVE-2017-11882, CVE-2018-0802) or an archive attachment carrying a loader. The loader decodes the Agent Tesla payload and injects it into a legitimate .NET framework binary such as RegSvcs.exe or AspNetCompiler.exe by process hollowing, so the stealer runs under a trusted image name. Once running, it logs keystrokes, captures the clipboard, screenshots and webcam, and harvests saved credentials from browsers, mail clients (Outlook, Thunderbird, FoxMail), VPN clients and FTP clients. Collected data is sent to the operator over SMTP, FTP, HTTP or a Telegram bot, according to the configuration baked into the build. Because affiliates repack the binary, dozens of slightly different versions circulate at any given time.
How do you defend against Agent Tesla?
Defense against Agent Tesla combines technical controls with operational practice. Remove or disable the legacy Office Equation Editor (Microsoft removed it in the January 2018 Office updates; on older installs Microsoft's published workaround for CVE-2017-11882 kill-bits its COM class through the 'Compatibility Flags' registry value) and keep Office patched; detonate document and archive attachments in a sandbox before delivery, and block or quarantine .iso and similar container attachments at the mail gateway; deny direct outbound SMTP and FTP from workstations so that any exfiltration has to cross a monitored relay; and deploy EDR rules for process hollowing into RegSvcs.exe, RegAsm.exe and AspNetCompiler.exe and for those processes opening network connections. See the full definition above.
What other names does Agent Tesla go by?
Common aliases include: AgentTesla, OriginLogger (a rebrand).
● Related terms
- malware№ 591
Information stealer
Malware that harvests credentials, cookies, tokens, cryptocurrency wallets and other sensitive data from an infected device and exfiltrates it to the attacker.
- malware№ 254
Credential stealer
Malware built specifically to extract passwords, hashes and authentication tokens from a compromised system or from its memory.
- malware№ 660
Keylogger
Software or hardware that records a user's keystrokes, commonly used to steal passwords, financial data or message content.
- malware№ 1023
Remote access trojan (RAT)
Malware that gives an attacker covert, interactive control of an infected device, much like a hidden remote administration tool.
- attacks№ 1191
Spear phishing
A phishing attack tailored to a specific individual or organization using personal or professional information gathered in advance.
- attacks№ 152
Business email compromise (BEC)
A targeted fraud in which the attacker impersonates or takes over a corporate mailbox to trick employees into wiring money, changing payment details or sending sensitive data.