Skip to content

S0130 Unknown Logger

Unknown Logger is a publicly released, free backdoor. Version 1.5 of the backdoor has been used by the actors responsible for the MONSOON campaign. 1

Item Value
ID S0130
Associated Names
Type MALWARE
Version 1.1
Created 31 May 2017
Last Modified 30 March 2020
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
enterprise T1555 Credentials from Password Stores -
enterprise T1555.003 Credentials from Web Browsers Unknown Logger is capable of stealing usernames and passwords from browsers on the victim machine.1
enterprise T1562 Impair Defenses -
enterprise T1562.001 Disable or Modify Tools Unknown Logger has functionality to disable security tools, including Kaspersky, BitDefender, and MalwareBytes.1
enterprise T1105 Ingress Tool Transfer Unknown Logger is capable of downloading remote files.1
enterprise T1056 Input Capture -
enterprise T1056.001 Keylogging Unknown Logger is capable of recording keystrokes.1
enterprise T1091 Replication Through Removable Media Unknown Logger is capable of spreading to USB devices.1
enterprise T1082 System Information Discovery Unknown Logger can obtain information about the victim computer name, physical memory, country, and date.1
enterprise T1016 System Network Configuration Discovery Unknown Logger can obtain information about the victim’s IP address.1
enterprise T1033 System Owner/User Discovery Unknown Logger can obtain information about the victim usernames.1

Groups That Use This Software

ID Name References
G0040 Patchwork 1

References

Back to top