Clankerusecase
MITRE ATT&CK detection coverage

T1056.001 Keylogging

T1056.001 — Keylogging is a MITRE ATT&CK technique in the Collection tactic. Clankerusecase tracks 4 detection use cases covering it and 5 threat-intel articles citing it.

Collection · Credential Access
4 Use cases
5 Articles
0 Sub-techniques
2 Tactics

Use cases covering this technique (4)

[LLM] Velvet Ant trojanized OpenSSH — unauthorized sshd/ssh/scp binary replacement
Bespoke install · alerting · DSΣPDDCS

[LLM] Unauthorized modification of OpenSSH sshd or ssh client binary
Bespoke install · alerting · DSΣPDDCS

[LLM] sshd writing to non-standard files (credential-capture log artifact)
Bespoke actions · hunting · DSPDDCS

[LLM] SlimAgent keylogger HTML log artefact written to disk (Xagent-lineage colour scheme)
Bespoke actions · hunting · DSPDDCS

Articles citing this technique (5)