EXPLORE
Sign In
← Back to Explore
T1056.001

Keylogging

Adversaries may log user keystrokes to intercept credentials as the user types them. Keylogging is likely to be used to acquire credentials for new access opportunities when [OS Credential Dumping](https://attack.mitre.org/techniques/T1003) efforts are not effective, and may require an adversary to intercept keystrokes on a system for a substantial period of time before credentials can be successfully captured. In order to increase the likelihood of capturing credentials quickly, an adversary ma...

LinuxmacOSNetwork DevicesWindows
4
Detections
2
Sources
26
Threat Actors

BY SOURCE

3sigma1elastic

PROCEDURES (3)

Powershell2 detections

Auto-extracted: 2 detections for powershell

General Monitoring1 detections

Auto-extracted: 1 detections for general monitoring

Credential1 detections

Auto-extracted: 1 detections for credential

THREAT ACTORS (26)

Ajax Security TeamAPT28APT3APT32APT38APT39APT41APT42APT5DarkhotelFIN13FIN4Group5HEXANEKe3changKimsukyLazarus GroupMagic HoundmenuPassOilRigPLATINUMSandworm TeamSowbugThreat Group-3390Tonto TeamVolt Typhoon

DETECTIONS (4)

Linux Keylogging with Pam.d
sigmahigh
Potential Keylogger Activity
sigmamedium
Powershell Keylogging
sigmamedium
PowerShell Keylogging Script
elastichigh