Unknown Logger

Unknown Logger is a publicly released, free backdoor. Version 1.5 of the backdoor has been used by the actors responsible for the MONSOON campaign. [1]

ID: S0130
Type: MALWARE
Platforms: Windows
Version: 1.1
Created: 31 May 2017
Last Modified: 30 March 2020

Techniques Used

Domain ID Name Use
Enterprise T1555 .003 Credentials from Password Stores: Credentials from Web Browsers

Unknown Logger is capable of stealing usernames and passwords from browsers on the victim machine.[1]

Enterprise T1562 .001 Impair Defenses: Disable or Modify Tools

Unknown Logger has functionality to disable security tools, including Kaspersky, BitDefender, and MalwareBytes.[1]

Enterprise T1105 Ingress Tool Transfer

Unknown Logger is capable of downloading remote files.[1]

Enterprise T1056 .001 Input Capture: Keylogging

Unknown Logger is capable of recording keystrokes.[1]

Enterprise T1091 Replication Through Removable Media

Unknown Logger is capable of spreading to USB devices.[1]

Enterprise T1082 System Information Discovery

Unknown Logger can obtain information about the victim computer name, physical memory, country, and date.[1]

Enterprise T1016 System Network Configuration Discovery

Unknown Logger can obtain information about the victim's IP address.[1]

Enterprise T1033 System Owner/User Discovery

Unknown Logger can obtain information about the victim usernames.[1]

Groups That Use This Software

ID Name References
G0040 Patchwork

[1]

References