ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > List all tools > List all groups using tool PRIVATELOG

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: PRIVATELOG

NamesPRIVATELOG
CategoryMalware
TypeLoader
Description(Cybereason) PRIVATELOG is a module that exists in 2 forms:

• Wlbsctrl.dll: A DLL to be side-loaded by the IKEEXT service, aiming to execute on Windows Vista to Windows 7 operating systems.
• Prntvpt.dll: A DLL to be side loaded by the PrintNotify service, aiming to execute on Windows Server 2012 to Windows 10 operating systems.

As both of the DLLs are being loaded by native Windows services, they both live in the context of the svchost process, but differ in their execution flow.
Information<https://www.cybereason.com/blog/operation-cuckoobees-a-winnti-malware-arsenal-deep-dive>
<https://www.mandiant.com/resources/unknown-actor-using-clfs-log-files-for-stealth>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/win.privatelog>

Last change to this tool card: 27 December 2022

Download this tool card in JSON format

All groups using tool PRIVATELOG

ChangedNameCountryObserved

APT groups

XAPT 41China2012-Feb 2023X

1 group listed (1 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]