Show in Graph
Common Information
Type Value
Value 
Keylogging - T1056.001
Category Attack-Pattern
Type Mitre-Attack-Pattern
Misp Type Cluster
Description Adversaries may log user keystrokes to intercept credentials as the user types them. Keylogging is likely to be used to acquire credentials for new access opportunities when [OS Credential Dumping](https://attack.mitre.org/techniques/T1003) efforts are not effective, and may require an adversary to intercept keystrokes on a system for a substantial period of time before credentials can be successfully captured. In order to increase the likelihood of capturing credentials quickly, an adversary may also perform actions such as clearing browser cookies to force users to reauthenticate to systems.(Citation: Talos Kimsuky Nov 2021) Keylogging is the most prevalent type of input capture, with many different ways of intercepting keystrokes.(Citation: Adventures of a Keystroke) Some methods include: * Hooking API callbacks used for processing keystrokes. Unlike [Credential API Hooking](https://attack.mitre.org/techniques/T1056/004), this focuses solely on API functions intended for processing keystroke data. * Reading raw keystroke data from the hardware buffer. * Windows Registry modifications. * Custom drivers. * [Modify System Image](https://attack.mitre.org/techniques/T1601) may provide adversaries with hooks into the operating system of network devices to read raw keystrokes for login sessions.(Citation: Cisco Blog Legacy Device Attacks)
Details Published Attributes CTI Title
Details Website 2024-08-01 47 BITS and Bytes: Analyzing BITSLOTH, a newly identified backdoor — Elastic Security Labs
Details Website 2024-07-31 78 AutoIt 활용 방어 회피 전술의 코니 APT 캠페인 분석
Details Website 2024-07-30 22 Monthly Threat Actor Group Intelligence Report, June 2024 (KOR) – Red Alert
Details Website 2024-07-30 49 UNC4393 Goes Gently into the SILENTNIGHT | Google Cloud Blog
Details Website 2024-07-25 33 Onyx Sleet uses array of malware to gather intelligence for North Korea | Microsoft Security Blog
Details Website 2024-07-25 59 How APT groups operate in Southeast Asia
Details Website 2024-07-15 22 This Meeting Should Have Been an Email
Details Website 2024-07-12 0 RAT Catchers - What are We Up Against? - Packt SecPro
Details Website 2024-06-25 47 How to detect the modular RAT CSHARP-STREAMER
Details Website 2024-06-24 1 What Is Open Source Intelligence (OSINT)?
Details Website 2024-06-19 172 Behind the Great Wall Void Arachne Targets Chinese-Speaking Users With the Winos 4.0 CC Framework
Details Website 2024-06-13 89 Arid Viper poisons Android apps with AridSpy
Details Website 2024-06-05 13 Cybersecurity threatscape: Q1 2024
Details Website 2024-06-03 16 Unveiling Sharp Panda’s New Loader – Securite360
Details Website 2024-05-30 11 Protecting your devices from information theft — Elastic Security Labs
Details Website 2024-05-28 1 Threats of the Week: Black Basta, Scattered Spider, and FIN7 Malvertising
Details Website 2024-05-16 11 Security Brief: Artificial Sweetener: SugarGh0st RAT Used to Target American Artificial Intelligence Experts | Proofpoint US
Details Website 2024-05-03 5 Dissecting REMCOS RAT: An in-depth analysis of a widespread 2024 malware, Part Three — Elastic Security Labs
Details Website 2024-04-30 6 Dissecting REMCOS RAT: An in-depth analysis of a widespread 2024 malware, Part Two — Elastic Security Labs
Details Website 2024-04-22 43 Nazar: A Lost Amulet — The Lost Reports
Details Website 2024-03-28 62 Android Malware Vultur Expands Its Wingspan
Details Website 2024-03-16 24 The GlorySprout or a Failed Clone of Taurus Stealer – RussianPanda Research Blog
Details Website 2024-03-13 41 CVE-2024-21412: DarkGate Operators Exploit Microsoft Windows SmartScreen Bypass in Zero-Day Campaign
Details Website 2024-03-13 37 CVE-2024-21412: DarkGate Operators Exploit Microsoft Windows SmartScreen Bypass in Zero-Day Campaign
Details Website 2024-03-11 38 iSoon leak sheds light on China’s use of extensive hacker-for-hire ecosystem