Unknown Logger
Unknown Logger is a publicly released, free backdoor. Version 1.5 of the backdoor has been used by the actors responsible for the MONSOON campaign. [1]
Techniques Used
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Enterprise | T1555 | .003 | Credentials from Password Stores: Credentials from Web Browsers |
Unknown Logger is capable of stealing usernames and passwords from browsers on the victim machine.[1] |
| Enterprise | T1562 | .001 | Impair Defenses: Disable or Modify Tools |
Unknown Logger has functionality to disable security tools, including Kaspersky, BitDefender, and MalwareBytes.[1] |
| Enterprise | T1105 | Ingress Tool Transfer |
Unknown Logger is capable of downloading remote files.[1] |
|
| Enterprise | T1056 | .001 | Input Capture: Keylogging |
Unknown Logger is capable of recording keystrokes.[1] |
| Enterprise | T1091 | Replication Through Removable Media |
Unknown Logger is capable of spreading to USB devices.[1] |
|
| Enterprise | T1082 | System Information Discovery |
Unknown Logger can obtain information about the victim computer name, physical memory, country, and date.[1] |
|
| Enterprise | T1016 | System Network Configuration Discovery |
Unknown Logger can obtain information about the victim's IP address.[1] |
|
| Enterprise | T1033 | System Owner/User Discovery |
Unknown Logger can obtain information about the victim usernames.[1] |
|