Common Information
Type Value
Value Keylogging - T1056.001
Category Attack-Pattern
Type Mitre-Attack-Pattern
Misp Type Cluster
Description Adversaries may log user keystrokes to intercept credentials as the user types them. Keylogging is likely to be used to acquire credentials for new access opportunities when [OS Credential Dumping](https://attack.mitre.org/techniques/T1003) efforts are not effective, and may require an adversary to intercept keystrokes on a system for a substantial period of time before credentials can be successfully captured. In order to increase the likelihood of capturing credentials quickly, an adversary may also perform actions such as clearing browser cookies to force users to reauthenticate to systems.(Citation: Talos Kimsuky Nov 2021)

Keylogging is the most prevalent type of input capture, with many different ways of intercepting keystrokes.(Citation: Adventures of a Keystroke) Some methods include:

* Hooking API callbacks used for processing keystrokes. Unlike [Credential API Hooking](https://attack.mitre.org/techniques/T1056/004), this focuses solely on API functions intended for processing keystroke data.
* Reading raw keystroke data from the hardware buffer.
* Windows Registry modifications.
* Custom drivers.
* [Modify System Image](https://attack.mitre.org/techniques/T1601) may provide adversaries with hooks into the operating system of network devices to read raw keystrokes for login sessions.(Citation: Cisco Blog Legacy Device Attacks)
Details Published Attributes CTI Title
Details Website 2024-10-16 7 Malicious ads exploited Internet Explorer zero day to drop malware
Details Website 2024-10-15 0 New Malware Campaign Uses PureCrypter Loader to Deliver DarkVision RAT
Details Website 2024-10-15 0 New Malware Campaign Uses PureCrypter Loader to Deliver DarkVision RAT - RedPacket Security
Details Website 2024-10-15 1 ErrorFather Hackers Attacking Android Users To Gain Remote Control
Details Website 2024-10-15 0 Cerberus Android Banking Trojan Deployed in New Malicious Campaign
Details Website 2024-10-15 0 Over 200 malicious apps on Google Play downloaded millions of times
Details Website 2024-10-14 4 New Cerberus Android Malware Variant Evades Security Tools: Cyble
Details Website 2024-10-14 1 TrickMo Malware Attacking Android Devices To Steal Unlock Patterns And PINs
Details Website 2024-10-14 55 Hidden In Plain Sight: How ErrorFather Deploys Cerberus To Amplify Cyber Threats
Details Website 2024-10-14 0 ColdRoot Malware
Details Website 2024-10-14 21 Threat Intelligence Report 8th October – 14th October
Details Website 2024-10-12 0 Exploring Cyber Threats: Malware Stealer and the Password Recovery Tool LockPick
Details Website 2024-10-11 30 Expanding the Investigation: Deep Dive into Latest TrickMo Samples
Details Website 2024-10-11 30 Expanding the Investigation: Deep Dive into Latest TrickMo Samples - Zimperium
Details Website 2024-10-11 71 Weekly Intelligence Report - 11 Oct 2024 | #ransomware | #cybercrime | National Cyber Security Consulting
Details Website 2024-10-10 17 2024-10-03 Amnesia Stealer Samples
Details Website 2024-10-10 29 Technical Analysis of DarkVision RAT
Details Website 2024-10-10 36 Technical Analysis of DarkVision RAT
Details Website 2024-10-10 33 Malware by the (Bit)Bucket: Uncovering AsyncRAT
Details Website 2024-10-10 26 Monthly Threat Actor Group Intelligence Report, August 2024 (KOR)
Details Website 2024-10-10 26 Monthly Threat Actor Group Intelligence Report, July 2024 (ENG) – Red Alert
Details Website 2024-10-10 26 Monthly Threat Actor Group Intelligence Report, August 2024 (KOR) – Red Alert
Details Website 2024-10-10 18 Technical Analysis of DarkVision RAT
Details Website 2024-10-09 2 N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware
Details Website 2024-10-09 2 N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting