mirror of https://github.com/Gi7w0rm/MalwareConfigLists synced 2024-06-16 12:08:59 +00:00

AgentTesla

AgentTesla is a long-known threat in the cybersecurity space. The malware has been analysed and discussed on many occasions. For an overview of this threat, see: https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla . Sadly, many different builders of AgentTesla have been leaked to the public, enabling many different actors to make use of it. This repo contains lists of C2 servers used by AgentTesla actors during the last years.

Some hints on how to read this repo:

Email_C2_Accounts_list.csv

This file contains information on known SMTP C2 servers used by AgentTesla actors. Be aware that the original file also contains usernames and passwords for the mentioned SMTP servers. However, as many of them are compromised company servers, I will not publish those. Feel free to reach out to me if you find your SMTP server in this list and I can help you identify the compromised entity.

FTP_C2_account_list.csv

This file contains information on known FTP servers used as AgentTesla C2s. Again, the original malware config contains the username and password for those servers, but it has to be assumed that many of those FTP servers are compromised. Feel free to reach out to me if you find your FTP server in this list and I can help you identify the compromised entity.

Telegram_C2_Bot_Tokens.txt

Historic and current Telegram bots used as AgentTesla C2s. If you see a query to https://api.telegram.org/[TOKEN]/ in your network, you probably want to have a closer look at the host sending the query.
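The check described above, written out as an added example (not code from this repo): it pulls the bot token out of each proxy log line that hits the Telegram Bot API and flags the client, marking the hit as high-confidence when the token is in a list shaped like Telegram_C2_Bot_Tokens.txt. The token values, the log lines and the "timestamp client method url" log layout are all constructed for the example; the real Bot API puts a "bot" prefix before the token in the path, which the pattern accepts as optional.

```python
import re

# Constructed token list in the shape of Telegram_C2_Bot_Tokens.txt (one token
# per line). These values are made up for the example, not real indicators.
TOKEN_LIST_TEXT = """
# constructed sample list
1000000001:AAExampleTokenAAAAAAAAAAAAAAAAAAAAAA
1000000002:AAExampleTokenBBBBBBBBBBBBBBBBBBBBBB
"""

# Constructed proxy log lines, assumed layout: "<timestamp> <client_ip> <method> <url>".
SAMPLE_PROXY_LOG = """
2024-03-06T00:45:49Z 10.0.0.15 POST https://api.telegram.org/bot1000000001:AAExampleTokenAAAAAAAAAAAAAAAAAAAAAA/sendDocument
2024-03-06T00:46:02Z 10.0.0.22 GET https://api.telegram.org/bot5550000000:AAUnknownTokenCCCCCCCCCCCCCCCCCCCCCCC/getMe
2024-03-06T00:46:10Z 10.0.0.31 GET https://example.com/index.html
""".strip().splitlines()

# A Bot API request carries the token in the URL path as <numeric id>:<secret>,
# normally behind a "bot" prefix (https://api.telegram.org/bot<token>/<method>).
# The prefix is optional here so the bare https://api.telegram.org/[TOKEN]/ form
# is caught as well.
TOKEN_RE = re.compile(r"api\.telegram\.org/(?:bot)?(\d+:[A-Za-z0-9_-]+)/")


def load_token_list(text):
    """Parse a one-token-per-line list, ignoring blank lines and '#' comments."""
    return {ln.strip() for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")}


def find_telegram_bot_queries(log_lines, known_tokens):
    """Return one record per log line that talks to the Telegram Bot API.

    Every such request deserves a look at the client; a token that is also in
    the known C2 list is flagged as a high-confidence match.
    """
    hits = []
    for line in log_lines:
        m = TOKEN_RE.search(line)
        if not m:
            continue
        client = line.split()[1]          # second field of the assumed log layout
        token = m.group(1)
        hits.append({"client": client, "token": token,
                     "known_c2": token in known_tokens})
    return hits


if __name__ == "__main__":
    for hit in find_telegram_bot_queries(SAMPLE_PROXY_LOG, load_token_list(TOKEN_LIST_TEXT)):
        print(hit)
```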