Names | PRIVATELOG
Category | Malware
Type | Loader
Description | (Cybereason) PRIVATELOG is a module that exists in 2 forms: • Wlbsctrl.dll: A DLL to be side-loaded by the IKEEXT service, aiming to execute on Windows Vista to Windows 7 operating systems. • Prntvpt.dll: A DLL to be side-loaded by the PrintNotify service, aiming to execute on Windows Server 2012 to Windows 10 operating systems. As both of the DLLs are being loaded by native Windows services, they both live in the context of the svchost process, but differ in their execution flow.
Information | <https://www.cybereason.com/blog/operation-cuckoobees-a-winnti-malware-arsenal-deep-dive> <https://www.mandiant.com/resources/unknown-actor-using-clfs-log-files-for-stealth>
Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/win.privatelog>
Last change to this tool card: 27 December 2022
APT groups
Changed | Name | Country | Observed
 | APT 41 | | 2012-Aug 2024
1 group listed (1 APT, 0 other, 0 unknown)
Digital Service Security Center