We are seeing a continuation of even more AgentTesla malspam campaigns again this morning. However today’s is somewhat different to usual and also delivers a Nanocore RAT. Actually the Nanocore RATĀ is downloading the AgentTesla keylogger. And after a bit of digging around and seeing an Open Directory listing on the AgentTesla download site we found another multi-stage JavaScript downloader which delivers what looks like Dunhini /Houdini /h-worm and WSHRAT along with moreĀ Nanocore or at least using the same C2 and download structures as recent nanocore samples. Once again the scumbags sending these are using ISO attachments, which generally … Continue reading →