S0130 Unknown Logger
Unknown Logger is a publicly released, free backdoor. Version 1.5 of the backdoor has been used by the actors responsible for the MONSOON campaign. [1]
Item | Value |
---|---|
ID | S0130 |
Associated Names | |
Type | MALWARE |
Version | 1.1 |
Created | 31 May 2017 |
Last Modified | 30 March 2020 |
Techniques Used
Domain | ID | Name | Use |
---|---|---|---|
enterprise | T1555 | Credentials from Password Stores | - |
enterprise | T1555.003 | Credentials from Web Browsers | Unknown Logger is capable of stealing usernames and passwords from browsers on the victim machine. [1] |
enterprise | T1562 | Impair Defenses | - |
enterprise | T1562.001 | Disable or Modify Tools | Unknown Logger has functionality to disable security tools, including Kaspersky, BitDefender, and MalwareBytes. [1] |
enterprise | T1105 | Ingress Tool Transfer | Unknown Logger is capable of downloading remote files. [1] |
enterprise | T1056 | Input Capture | - |
enterprise | T1056.001 | Keylogging | Unknown Logger is capable of recording keystrokes. [1] |
enterprise | T1091 | Replication Through Removable Media | Unknown Logger is capable of spreading to USB devices. [1] |
enterprise | T1082 | System Information Discovery | Unknown Logger can obtain information about the victim computer name, physical memory, country, and date. [1] |
enterprise | T1016 | System Network Configuration Discovery | Unknown Logger can obtain information about the victim’s IP address. [1] |
enterprise | T1033 | System Owner/User Discovery | Unknown Logger can obtain information about the victim usernames. [1] |
Groups That Use This Software
ID | Name | References |
---|---|---|
G0040 | Patchwork | [1] |