Common Information

| Type | Value |
|---|---|
| Value | Keylogging - T1056.001 |
| Category | Attack-Pattern |
| Type | Mitre-Attack-Pattern |
| Misp Type | Cluster |

Description

Adversaries may log user keystrokes to intercept credentials as the user types them. Keylogging is likely to be used to acquire credentials for new access opportunities when [OS Credential Dumping](https://attack.mitre.org/techniques/T1003) efforts are not effective, and may require an adversary to intercept keystrokes on a system for a substantial period of time before credentials can be successfully captured. In order to increase the likelihood of capturing credentials quickly, an adversary may also perform actions such as clearing browser cookies to force users to reauthenticate to systems.(Citation: Talos Kimsuky Nov 2021)

Keylogging is the most prevalent type of input capture, with many different ways of intercepting keystrokes.(Citation: Adventures of a Keystroke) Some methods include:

* Hooking API callbacks used for processing keystrokes. Unlike [Credential API Hooking](https://attack.mitre.org/techniques/T1056/004), this focuses solely on API functions intended for processing keystroke data.
* Reading raw keystroke data from the hardware buffer.
* Windows Registry modifications.
* Custom drivers.
* [Modify System Image](https://attack.mitre.org/techniques/T1601) may provide adversaries with hooks into the operating system of network devices to read raw keystrokes for login sessions.(Citation: Cisco Blog Legacy Device Attacks)
| Details | Published | Attributes | CTI | Title |
|---|---|---|---|---|
| Details | 2024-09-09 | 0 | Website | New Android SpyAgent Malware Uses OCR to Steal Crypto Wallet Recovery Keys - RedPacket Security |
| Details | 2024-09-09 | 1199 | Website | RST TI Report Digest: 09 Sep 2024 |
| Details | 2024-09-09 | 33 | Website | Threat Intelligence Report 3rd September – 9th September 2024 |
| Details | 2024-09-08 | 0 | Website | New RAMBO attack steals data using RAM in air-gapped computers |
| Details | 2024-09-08 | 0 | Website | Week 9 In Malware Analysis Fundamentals Workshop |
| Details | 2024-09-07 | 0 | Website | New RAMBO attack steals data using RAM in air-gapped computers |
| Details | 2024-09-05 | 39 | Website | BlindEagle Targets Colombian Insurance Sector with BlotchyQuasar |
| Details | 2024-09-05 | 4 | Website | Cyber Briefing: 2024.09.05 |
| Details | 2024-09-05 | 2 | Website | HOW TO PREVENT LATERAL MOVEMENT IN A NETWORK |
| Details | 2024-09-05 | 73 | Website | BlindEagle Targets Colombian Insurance Sector with BlotchyQuasar |
| Details | 2024-09-04 | 2 | Website | Demonstrating a simple XSS attack using a python script |
| Details | 2024-09-04 | 8 | Website | North Korean Hackers Targets Job Seekers with Fake FreeConference App |
| Details | 2024-09-04 | 8 | Website | North Korean Hackers Targets Job Seekers with Fake FreeConference App - RedPacket Security |
| Details | 2024-09-04 | 36 | Website | The Intricate Babylon RAT Campaign Targets Malaysian Politicians, Government - Cyble |
| Details | 2024-09-04 | 0 | Website | Today’s Top Cyber Intelligence Highlights — Sep 04, 2024 |
| Details | 2024-09-04 | 1 | Website | Meterpreter: the ultimate command guide for hackers |
| Details | 2024-09-03 | 20 | Website | Trojan:Win64/Reflo.HNS!MTB Virus Analysis & Removal Guide– Gridinsoft Blog |
| Details | 2024-09-03 | 4 | Website | Rocinante Trojan Poses as Banking Apps to Steal Sensitive Data from Brazilian Android Users |
| Details | 2024-09-03 | 4 | Website | Rocinante Trojan Poses as Banking Apps to Steal Sensitive Data from Brazilian Android Users - RedPacket Security |
| Details | 2024-09-02 | 15 | Website | CYFIRMA RESEARCH : POWERSHELL KEYLOGGER - CYFIRMA |
| Details | 2024-09-02 | 456 | Website | RST TI Report Digest: 02 Sep 2024 |
| Details | 2024-09-02 | 28 | Website | Threat Intelligence Report 27th August – 2nd September 2024 |
| Details | 2024-09-01 | 2 | Website | SCENARIO: Exploitation of ScreenConnect Authentication Bypass Vulnerability (CVE-2024–1709 &… |
| Details | 2024-08-29 | 24 | Website | Monthly Threat Actor Group Intelligence Report, July 2024 (KOR) – Red Alert |