Unknown Logger is a publicly released, free backdoor. Version 1.5 of the backdoor has been used by the actors responsible for the MONSOON campaign. [1]
| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1555.003 | Credentials from Password Stores: Credentials from Web Browsers | Unknown Logger is capable of stealing usernames and passwords from browsers on the victim machine.[1] |
| Enterprise | T1562.001 | Impair Defenses: Disable or Modify Tools | Unknown Logger has functionality to disable security tools, including Kaspersky, BitDefender, and MalwareBytes.[1] |
| Enterprise | T1082 | System Information Discovery | Unknown Logger can obtain information about the victim computer name, physical memory, country, and date.[1] |
| Enterprise | T1033 | System Owner/User Discovery | Unknown Logger can obtain information about the victim usernames.[1] |
| Enterprise | T1016 | System Network Configuration Discovery | Unknown Logger can obtain information about the victim's IP address.[1] |
| Enterprise | T1105 | Ingress Tool Transfer | Unknown Logger is capable of downloading remote files.[1] |
| Enterprise | T1056.001 | Input Capture: Keylogging | Unknown Logger is capable of recording keystrokes.[1] |
| Enterprise | T1091 | Replication Through Removable Media | Unknown Logger is capable of spreading to USB devices.[1] |