Unknown Logger

Unknown Logger is a publicly released, free backdoor. Version 1.5 of the backdoor has been used by the actors responsible for the MONSOON campaign. [1]

ID: S0130
Aliases: Unknown Logger
Type: MALWARE
Platforms: Windows

Version: 1.0

Techniques Used

Domain     | ID    | Name                                   | Use
-----------|-------|----------------------------------------|----------------------------------------------------------------------------------------------------------------------
Enterprise | T1003 | Credential Dumping                     | Unknown Logger is capable of stealing usernames and passwords from browsers on the victim machine. [1]
Enterprise | T1089 | Disabling Security Tools               | Unknown Logger has functionality to disable security tools, including Kaspersky, BitDefender, and MalwareBytes. [1]
Enterprise | T1056 | Input Capture                          | Unknown Logger is capable of recording keystrokes. [1]
Enterprise | T1105 | Remote File Copy                       | Unknown Logger is capable of downloading remote files. [1]
Enterprise | T1091 | Replication Through Removable Media    | Unknown Logger is capable of spreading to USB devices. [1]
Enterprise | T1082 | System Information Discovery           | Unknown Logger can obtain information about the victim computer name, physical memory, country, and date. [1]
Enterprise | T1016 | System Network Configuration Discovery | Unknown Logger can obtain information about the victim's IP address. [1]
Enterprise | T1033 | System Owner/User Discovery            | Unknown Logger can obtain information about the victim usernames. [1]

Groups

Groups that use this software:

Patchwork

References