Cybercrime, AgentTesla campaign via a fake RFQ from Thailand
The email attachment contains a zip file with an exe inside: the malware. Stolen data is exfiltered via SMTP to an email.
Cybercrime, AgentTesla hides in a fake RFQ email from Thailand
The compressed attachment contains an exe file: the malware. The stolen data is exfiltrated via SMTP to an email address.
Cybercrime, SnakeKeylogger campaign via false bank receipt from Turkey
The 7z attachment of the email contains an exe file – the malware. The stolen data is exfiltrated via SMTP to an email address.
Cybercrime, AgentTesla campaign via fake purchase order from China
The compressed email attachment contains an exe: the malware. The stolen data is exfiltrated via SMTP to an email address.
Cybercrime, AgentTesla changes template but the campaign intensifies
The attachments of 3 different emails contain an exe: the same malware. Even the messages IP is identical. Stolen data is exfiltrated via SMTP.
Cybercrime, double AgentTesla campaign via China and Türkiye
The “URGENT REQUEST FOR PRICE OFFER” and “Ürün 56787898 için sipariş” email attachments contain an exe: the malware. Data is stolen via SMTP and Telegram API.
Cybercrime, “PROFORMA INVOICE 30% DOWNPAYMENT” carries AgentTesla
The email “Payment Advice” compressed attachment contains an exe: the malware. The stolen data is exfiltrated via SMTP.
Cybercrime, purchase order from Zambia bait for AgentTesla
The zip attachment of the “RE: Purchase Order PO-3-000000608 from FALCON INDUSTRIES LIMITED” email contains bat, which executes a JS infecting the PC with malware.
Cybercrime, AgentTesla now passes from bat files via Lebanon
The zip attachment of the "PURCHASE ORDER" email contains a bat file. This runs a PS, which infects the machine with malware. The stolen data is exfiltrated via SMTP.
Cybercrime, double AgentTesla campaign from China
A zip attachment contains an iso with an exe: the malware. The other, a pdf downloading a zip with an exe: the same malware. The data is exfiltrated via SMTP.