KeyBase Keylogger Malware Family Exposed
Tags
country: China Nigeria
maec-delivery-vectors: Watering Hole
attack-pattern: Data Clipboard Data - T1414 Domains - T1583.001 Domains - T1584.001 Hooking - T1617 Ip Addresses - T1590.005 Keylogging - T1056.001 Keylogging - T1417.001 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Python - T1059.006 Server - T1583.004 Server - T1584.004 Software - T1592.002 Vulnerabilities - T1588.006 Clipboard Data - T1115 Hooking - T1179 Hooking
Show in Graph
Common Information
Type Value
UUID 9a3726dd-d032-454d-9b98-167b438a64d7
Fingerprint 3d3d0c52ea32c4e7
Analysis status DONE
Considered CTI value 0
Text language
Published June 4, 2015, 11:21 a.m.
Added to db Sept. 26, 2022, 9:30 a.m.
Last updated Nov. 17, 2024, 12:58 p.m.
Headline KeyBase Keylogger Malware Family Exposed
Title KeyBase Keylogger Malware Family Exposed
Detected Hints/Tags/Attributes 70/3/14
Source URLs
Redirection Url
Details Source https://unit42.paloaltonetworks.com/keybase-keylogger-malware-family-exposed/
URL Provider
Details Provider Source level domain
Details paloaltonetworks.com unit42.paloaltonetworks.com
Attributes
Details Type #Events CTI Value
Details Domain 1 
keybase.in
Details Domain 22 
hackforums.net
Details Domain 2 
rghost.net
Details Domain 98 
requests.post
Details File 47 
order.exe
Details File 31 
document.exe
Details File 1 
7478.exe
Details File 6 
invoices.exe
Details File 4 
important.exe
Details File 97 
upload.php
Details File 94 
config.php
Details File 1 
'win-jjfoijgl_6_5_14_22_2.php
Details File 1 
win-jjfoijgl_6_5_14_22_2.php
Details Windows Registry Key 188 
HKCU\Software\Microsoft\Windows\CurrentVersion\Run