How to create a keylogger in PowerShell?
Tags
| attack-pattern: | Data Credentials - T1589.001 Hooking - T1617 Powershell - T1059.001 Software - T1592.002 Tool - T1588.002 Hooking - T1179 Powershell - T1086 Scripting - T1064 Hooking Scripting |
Common Information
| Type | Value |
|---|---|
| UUID | 61c5628c-b2ab-4b17-8b6d-02abce4d2a92 |
| Fingerprint | 66538a2389a7f365 |
| Analysis status | DONE |
| Considered CTI value | -2 |
| Text language | |
| Published | May 16, 2017, midnight |
| Added to db | Jan. 18, 2023, 11:46 p.m. |
| Last updated | Nov. 17, 2024, 11:40 p.m. |
| Headline | How to create a keylogger in PowerShell? |
| Title | How to create a keylogger in PowerShell? |
| Detected Hints/Tags/Attributes | 34/1/19 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://www.tarlogic.com/en/blog/how-to-create-keylogger-in-powershell/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 4128 | github.com |
|
| Details | Domain | 6 | charset.auto |
|
| Details | Domain | 1 | hinchley.net |
|
| Details | Domain | 228 | system.io |
|
| Details | Domain | 61 | system.windows |
|
| Details | Domain | 29 | intptr.zero |
|
| Details | Domain | 14 | application.run |
|
| Details | Domain | 18 | www.tarlogic.com |
|
| Details | File | 291 | user32.dll |
|
| Details | File | 1 | get-keystrokes.ps1 |
|
| Details | File | 1 | keylogger.ps1 |
|
| Details | File | 85 | log.txt |
|
| Details | File | 748 | kernel32.dll |
|
| Details | File | 41 | www.tar |
|
| Details | Github username | 1 | adaptivethreat |
|
| Details | Github username | 6 | samratashok |
|
| Details | Url | 1 | https://github.com/adaptivethreat/empire/…/get-keystrokes.ps1 |
|
| Details | Url | 1 | https://github.com/samratashok/nishang/blob/master/gather/keylogger.ps1 |
|
| Details | Url | 1 | https://hinchley.net/2013/11/03/creating-a-key-logger-via-a-global-system-hook-using-powershell |