Common Information
Type | Value |
---|---|
Value | Keylogging - T1056.001 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may log user keystrokes to intercept credentials as the user types them. Keylogging is likely to be used to acquire credentials for new access opportunities when [OS Credential Dumping](https://attack.mitre.org/techniques/T1003) efforts are not effective, and may require an adversary to intercept keystrokes on a system for a substantial period of time before credentials can be successfully captured. In order to increase the likelihood of capturing credentials quickly, an adversary may also perform actions such as clearing browser cookies to force users to reauthenticate to systems.(Citation: Talos Kimsuky Nov 2021) Keylogging is the most prevalent type of input capture, with many different ways of intercepting keystrokes.(Citation: Adventures of a Keystroke) Some methods include: * Hooking API callbacks used for processing keystrokes. Unlike [Credential API Hooking](https://attack.mitre.org/techniques/T1056/004), this focuses solely on API functions intended for processing keystroke data. * Reading raw keystroke data from the hardware buffer. * Windows Registry modifications. * Custom drivers. * [Modify System Image](https://attack.mitre.org/techniques/T1601) may provide adversaries with hooks into the operating system of network devices to read raw keystrokes for login sessions.(Citation: Cisco Blog Legacy Device Attacks) |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2024-08-28 | 6 | Rocinante: The trojan horse that wanted to fly | ||
Details | Website | 2024-08-27 | 3 | AutoIT Bot Targets Gmail Accounts First | SonicWall | ||
Details | Website | 2024-08-27 | 24 | Monthly Threat Actor Group Intelligence Report, June 2024 (ENG) – Red Alert | ||
Details | Website | 2024-08-27 | 0 | Chameleon is now targeting employees: Masquerading as a CRM app | ||
Details | Website | 2024-08-26 | 0 | Trustwave Data Reveals HTML Attachments, QR Codes, and BEC as Top Email Attack Vectors | ||
Details | Website | 2024-08-26 | 2 | Intelligence Insights: August 2024 | ||
Details | Website | 2024-08-25 | 0 | Android malware allows remote control of Android devices | ||
Details | Website | 2024-08-22 | 134 | Technical Analysis of Copybara | ||
Details | Website | 2024-08-19 | 5 | An overview of the BlindEagle APT’s activity in Latin America | ||
Details | Website | 2024-08-19 | 6 | Revealing the Power of Keylogging: Hunting for the Revealer Keylogger | ||
Details | Website | 2024-08-19 | 27 | Python Malware On The Rise | ||
Details | Website | 2024-08-15 | 22 | 5 Malware Variants You Should Know - ReliaQuest | ||
Details | Website | 2024-08-12 | 0 | BlankBot: A New Android Banking Trojan Cannot Evade on Device Machine Learning Protection - Zimperium | ||
Details | Website | 2024-08-12 | 87 | Ongoing Social Engineering Campaign Refreshes Payloads | Rapid7 Blog | ||
Details | Website | 2024-08-12 | 10 | 12th August – Threat Intelligence Report - Check Point Research | ||
Details | Website | 2024-08-12 | 0 | Unleashing the Serpent: Navigating the Threat of Snake Malware | ||
Details | Website | 2024-08-12 | 3 | HyperBro RAT | ||
Details | Website | 2024-08-12 | 5 | Qakbot | ||
Details | Website | 2024-08-12 | 0 | njRAT Remote Access Trojan | ||
Details | Website | 2024-08-12 | 0 | Remexi Backdoor | ||
Details | Website | 2024-08-09 | 0 | Weekly Cyber Threat Intelligence Summary | ||
Details | Website | 2024-08-08 | 1 | New Italian StrRat campaign: a CyberChef recipe is available to decode the malware | ||
Details | Website | 2024-08-05 | 0 | Sneaky SnakeKeylogger slithers into Windows email inboxes | ||
Details | Website | 2024-08-01 | 0 | Grandoreiro Malware: Spear Phishing, Outlook Exploits, and More | ||
Details | Website | 2024-08-01 | 34 | BlankBot - a new Android banking trojan with screen recording,… |