Trusted Design

MiKey - A Linux Keylogger

Overview

Linux malware is slowly becoming more popular. Within the past couple of years there were several major incidents that cited the use of Windows backdoors being ported to Linux. Through our research on the Windows KLRD keylogger from the Odinaff report, we were able to discover several new keyloggers. The focus of this blog post is MiKey, a little-known and poorly detected keylogger.

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors related to this Pulse (fact-based)

Magic Hound

Score: 6.69
Matched TTPs:
  • T1056.001 - Keylogging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1573 - Encrypted Channel

APT39

Score: 7.61
Matched TTPs:
  • T1056.001 - Keylogging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1059.010 - AutoHotKey & AutoIT

Volt Typhoon

Score: 9.80
Matched TTPs:
  • T1056.001 - Keylogging
  • T1069 - Permission Groups Discovery
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1552.004 - Private Keys

APT28

Score: 7.85
Matched TTPs:
  • T1056.001 - Keylogging
  • T1014 - Rootkit
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1203 - Exploitation for Client Execution

Darkhotel

Score: 4.57
Matched TTPs:
  • T1056.001 - Keylogging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1203 - Exploitation for Client Execution

menuPass

Score: 3.07
Matched TTPs:
  • T1056.001 - Keylogging
  • T1036.005 - Match Legitimate Resource Name or Location

APT5

Score: 3.07
Matched TTPs:
  • T1056.001 - Keylogging
  • T1036.005 - Match Legitimate Resource Name or Location

Tonto Team

Score: 3.43
Matched TTPs:
  • T1056.001 - Keylogging
  • T1203 - Exploitation for Client Execution

Threat Group-3390

Score: 3.43
Matched TTPs:
  • T1056.001 - Keylogging
  • T1203 - Exploitation for Client Execution

Lazarus Group

Score: 8.70
Matched TTPs:
  • T1056.001 - Keylogging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1203 - Exploitation for Client Execution
  • T1027.007 - Dynamic API Resolution

PLATINUM

Score: 6.47
Matched TTPs:
  • T1056.001 - Keylogging
  • T1056.004 - Credential API Hooking

Sandworm Team

Score: 4.57
Matched TTPs:
  • T1056.001 - Keylogging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1203 - Exploitation for Client Execution

Kimsuky

Score: 3.07
Matched TTPs:
  • T1056.001 - Keylogging
  • T1036.005 - Match Legitimate Resource Name or Location

OilRig

Score: 10.46
Matched TTPs:
  • T1056.001 - Keylogging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1027.005 - Indicator Removal from Tools
  • T1203 - Exploitation for Client Execution
  • T1573.002 - Asymmetric Cryptography

APT42

Score: 5.82
Matched TTPs:
  • T1056.001 - Keylogging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1573.002 - Asymmetric Cryptography

Sowbug

Score: 3.07
Matched TTPs:
  • T1056.001 - Keylogging
  • T1036.005 - Match Legitimate Resource Name or Location

APT32

Score: 4.57
Matched TTPs:
  • T1056.001 - Keylogging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1203 - Exploitation for Client Execution

APT3

Score: 13.15
Matched TTPs:
  • T1056.001 - Keylogging
  • T1069 - Permission Groups Discovery
  • T1546.008 - Accessibility Features
  • T1027.005 - Indicator Removal from Tools
  • T1203 - Exploitation for Client Execution

FIN13

Score: 6.36
Matched TTPs:
  • T1056.001 - Keylogging
  • T1069 - Permission Groups Discovery
  • T1036.005 - Match Legitimate Resource Name or Location

Ke3chang

Score: 3.07
Matched TTPs:
  • T1056.001 - Keylogging
  • T1036.005 - Match Legitimate Resource Name or Location

APT41

Score: 18.55
Matched TTPs:
  • T1056.001 - Keylogging
  • T1014 - Rootkit
  • T1069 - Permission Groups Discovery
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1546.008 - Accessibility Features
  • T1203 - Exploitation for Client Execution
  • T1480.001 - Environmental Keying

Winnti Group

Score: 3.29
Matched TTPs:
  • T1014 - Rootkit

Rocke

Score: 7.86
Matched TTPs:
  • T1014 - Rootkit
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1552.004 - Private Keys

TeamTNT

Score: 7.86
Matched TTPs:
  • T1014 - Rootkit
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1552.004 - Private Keys

UNC3886

Score: 7.93
Matched TTPs:
  • T1014 - Rootkit
  • T1027.005 - Indicator Removal from Tools
  • T1203 - Exploitation for Client Execution

Scattered Spider

Score: 10.86
Matched TTPs:
  • T1069 - Permission Groups Discovery
  • T1552.004 - Private Keys
  • T1578.002 - Create Cloud Instance

TA505

Score: 3.29
Matched TTPs:
  • T1069 - Permission Groups Discovery

Gamaredon Group

Score: 5.67
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1001 - Data Obfuscation

TA2541

Score: 3.88
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1573.002 - Asymmetric Cryptography

FIN7

Score: 5.67
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1674 - Input Injection

Mustard Tempest

Score: 5.67
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1608.006 - SEO Poisoning

Patchwork

Score: 5.78
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1027.005 - Indicator Removal from Tools
  • T1203 - Exploitation for Client Execution

RedCurl

Score: 3.88
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1573.002 - Asymmetric Cryptography

APT29

Score: 9.54
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1546.008 - Accessibility Features
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution

Tropic Trooper

Score: 12.84
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1547.004 - Winlogon Helper DLL
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1573.002 - Asymmetric Cryptography

Velvet Ant

Score: 3.88
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1573.002 - Asymmetric Cryptography

Fox Kitten

Score: 4.42
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1546.008 - Accessibility Features

Turla

Score: 8.13
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1547.004 - Winlogon Helper DLL
  • T1027.005 - Indicator Removal from Tools

Mustang Panda

Score: 6.76
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1203 - Exploitation for Client Execution
  • T1027.007 - Dynamic API Resolution

Storm-0501

Score: 3.44
Matched TTPs:
  • T1552.004 - Private Keys

Wizard Spider

Score: 3.84
Matched TTPs:
  • T1547.004 - Winlogon Helper DLL

Deep Panda

Score: 6.44
Matched TTPs:
  • T1546.008 - Accessibility Features
  • T1027.005 - Indicator Removal from Tools

Axiom

Score: 4.78
Matched TTPs:
  • T1546.008 - Accessibility Features
  • T1203 - Exploitation for Client Execution

GALLIUM

Score: 3.15
Matched TTPs:
  • T1027.005 - Indicator Removal from Tools

BITTER

Score: 5.12
Matched TTPs:
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution

Cobalt Group

Score: 4.24
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1573.002 - Asymmetric Cryptography

LAPSUS$

Score: 4.13
Matched TTPs:
  • T1578.002 - Create Cloud Instance

Equation

Score: 8.26
Matched TTPs:
  • T1564.005 - Hidden File System
  • T1480.001 - Environmental Keying

Strider

Score: 4.13
Matched TTPs:
  • T1564.005 - Hidden File System

Threat actors related to this Pulse (inference-based)

APT41

Score: 0.79
Matched TTPs:
  • T1056.001 - Keylogging
  • T1203 - Exploitation for Client Execution
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1014 - Rootkit
  • T1480.001 - Environmental Keying
  • T1546.008 - Accessibility Features
  • T1069 - Permission Groups Discovery

APT3

Score: 0.58
Matched TTPs:
  • T1056.001 - Keylogging
  • T1203 - Exploitation for Client Execution
  • T1546.008 - Accessibility Features
  • T1027.005 - Indicator Removal from Tools
  • T1069 - Permission Groups Discovery

Tropic Trooper

Score: 0.57
Matched TTPs:
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1547.004 - Winlogon Helper DLL
  • T1573.002 - Asymmetric Cryptography
  • T1036.005 - Match Legitimate Resource Name or Location

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph
