Show in Graph
Common Information
Type Value
Value 
Keylogging - T1056.001
Category Attack-Pattern
Type Mitre-Attack-Pattern
Misp Type Cluster
Description Adversaries may log user keystrokes to intercept credentials as the user types them. Keylogging is likely to be used to acquire credentials for new access opportunities when [OS Credential Dumping](https://attack.mitre.org/techniques/T1003) efforts are not effective, and may require an adversary to intercept keystrokes on a system for a substantial period of time before credentials can be successfully captured. In order to increase the likelihood of capturing credentials quickly, an adversary may also perform actions such as clearing browser cookies to force users to reauthenticate to systems.(Citation: Talos Kimsuky Nov 2021) Keylogging is the most prevalent type of input capture, with many different ways of intercepting keystrokes.(Citation: Adventures of a Keystroke) Some methods include: * Hooking API callbacks used for processing keystrokes. Unlike [Credential API Hooking](https://attack.mitre.org/techniques/T1056/004), this focuses solely on API functions intended for processing keystroke data. * Reading raw keystroke data from the hardware buffer. * Windows Registry modifications. * Custom drivers. * [Modify System Image](https://attack.mitre.org/techniques/T1601) may provide adversaries with hooks into the operating system of network devices to read raw keystrokes for login sessions.(Citation: Cisco Blog Legacy Device Attacks)
Details Published Attributes CTI Title
Details Website 2024-11-16 6 Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations - CyberSRC
Details Website 2024-11-14 13 A Comprehensive Malware Analysis: Deobfuscating and Analyzing a Captive ReCAPTCHA Attack
Details Website 2024-11-14 51 Malware Spotlight: A Deep-Dive Analysis of WezRat
Details Website 2024-11-14 49 Malware Spotlight:  A Deep-Dive Analysis of WezRat - Check Point Research
Details Website 2024-11-14 1 Spotlight on Iranian Cyber Group Emennet Pasargad’s Malware - Check Point Blog
Details Website 2024-11-13 55 HawkEye Malware: Technical Analysis
Details Website 2024-11-13 55 HawkEye Malware: Technical Analysis - ANY.RUN's Cybersecurity Blog
Details Website 2024-11-13 0 Authentication Vulnerabilities
Details Website 2024-11-13 55 HawkEye | PredatorPain
Details Website 2024-11-11 4 New Remcos RAT Variant Targets Windows Users Via Phishing
Details Website 2024-11-11 3 Cyber Briefing: 2024.11.11
Details Website 2024-11-11 2 Researchers Detailed Credential Abuse Cycle
Details Website 2024-11-11 0 Wat is malware?
Details Website 2024-11-10 6 Recent Keylogger Attributed to North Korean Group Andariel Analyzed Through A Hybrid Analysis Perspective | CTF导航
Details Website 2024-11-08 3 How to Create Your Own Website Vulnerability Scanner
Details Website 2024-11-08 2 Metasploit Guide :- Main weapon of Hackers
Details Website 2024-11-07 63 Weekly Intelligence Report - 08 Nov 2024 | #ransomware | #cybercrime | National Cyber Security Consulting
Details Website 2024-11-07 4 Essential Terms for Cybersecurity Conversations: Security and Key Tech Lingo A-Z
Details Website 2024-11-07 0 Using Human Risk Management to Detect and Thwart Cyberattacks - Cybersecurity Insiders
Details Website 2024-11-07 19 CrowdStrike’s work with the Democratic National Committee: Setting the record straight
Details Website 2024-11-07 21 Big Game Hunting: The Evolution of INDRIK SPIDER From Dridex Wire Fraud to BitPaymer Targeted Ransomware
Details Website 2024-11-06 44 GodFather Malware Targets 500 Banking & Crypto Apps Worldwide
Details Website 2024-11-05 4 The Credential Abuse Cycle: Theft, Trade, and Exploitation - ReliaQuest
Details Website 2024-11-05 0 Explosive Leaks! LoyLap and Grayscale Under Attack: New Threats on the Dark Web
Details Website 2024-11-04 35 G700 : The Next Generation of Craxs RAT - CYFIRMA