win.404keylogger

404 Keylogger

aka: 404KeyLogger, Snake Keylogger

Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger and infostealer. It can steal a victim’s sensitive information, log keystrokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.

References
2022-11-21 | Malwarebytes | Malwarebytes
@techreport{malwarebytes:20221121:20221121:f4c6d35, author = {Malwarebytes}, title = {{2022-11-21 Threat Intel Report}}, date = {2022-11-21}, institution = {Malwarebytes}, url = {https://www.malwarebytes.com/blog/threat-intelligence/2022/20221121-threat-intel-report-final.pdf}, language = {English}, urldate = {2022-11-25} } 2022-11-21 Threat Intel Report
404 Keylogger Agent Tesla Formbook Hive Remcos
2022-08-29 | 360 netlab | wanghao
@online{wanghao:20220829:purecrypter:4d81329, author = {wanghao}, title = {{PureCrypter Loader continues to be active and has spread to more than 10 other families}}, date = {2022-08-29}, organization = {360 netlab}, url = {https://blog.netlab.360.com/purecrypter}, language = {Chinese}, urldate = {2022-09-06} } PureCrypter Loader continues to be active and has spread to more than 10 other families
404 Keylogger Agent Tesla AsyncRAT Formbook RedLine Stealer
2022-07-25 | Cert-UA | Cert-UA
@online{certua:20220725:mass:92104f0, author = {Cert-UA}, title = {{Mass distribution of desktops (Formbook, Snake Keylogger) and use of Malware RelicRace/RelicSource as a means of delivery (CERT-UA#5056)}}, date = {2022-07-25}, organization = {Cert-UA}, url = {https://cert.gov.ua/article/955924}, language = {Ukrainian}, urldate = {2022-07-28} } Mass distribution of desktops (Formbook, Snake Keylogger) and use of Malware RelicRace/RelicSource as a means of delivery (CERT-UA#5056)
404 Keylogger Formbook RelicRace
2022-06-24 | Github (x-junior) | Mohamed Ashraf
@online{ashraf:20220624:deep:5c1c1cf, author = {Mohamed Ashraf}, title = {{Deep Analysis of Snake Keylogger}}, date = {2022-06-24}, organization = {Github (x-junior)}, url = {https://x-junior.github.io/malware%20analysis/2022/06/24/Snakekeylogger.html}, language = {English}, urldate = {2022-07-05} } Deep Analysis of Snake Keylogger
404 Keylogger
2022-06-16 | Blackberry | The BlackBerry Research & Intelligence Team
@online{team:20220616:threat:1ef26f6, author = {The BlackBerry Research & Intelligence Team}, title = {{Threat Thursday: Unique Delivery Method for Snake Keylogger}}, date = {2022-06-16}, organization = {Blackberry}, url = {https://blogs.blackberry.com/en/2022/06/threat-thursday-unique-delivery-method-for-snake-keylogger}, language = {English}, urldate = {2022-07-18} } Threat Thursday: Unique Delivery Method for Snake Keylogger
404 Keylogger
2022-06-13 | Zscaler | Romain Dumont
@online{dumont:20220613:technical:631941a, author = {Romain Dumont}, title = {{Technical Analysis of PureCrypter: A Fully-Functional Loader Distributing Remote Access Trojans and Information Stealers}}, date = {2022-06-13}, organization = {Zscaler}, url = {https://www.zscaler.com/blogs/security-research/technical-analysis-purecrypter}, language = {English}, urldate = {2022-07-01} } Technical Analysis of PureCrypter: A Fully-Functional Loader Distributing Remote Access Trojans and Information Stealers
404 Keylogger PureCrypter
2022-05-22 | Bleeping Computer | Bill Toulas
@online{toulas:20220522:pdf:f2a1ce7, author = {Bill Toulas}, title = {{PDF smuggles Microsoft Word doc to drop Snake Keylogger malware}}, date = {2022-05-22}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/pdf-smuggles-microsoft-word-doc-to-drop-snake-keylogger-malware/}, language = {English}, urldate = {2022-05-24} } PDF smuggles Microsoft Word doc to drop Snake Keylogger malware
404 Keylogger
2022-05-20 | HP | Patrick Schläpfer
@online{schlpfer:20220520:pdf:34ac538, author = {Patrick Schläpfer}, title = {{PDF Malware Is Not Yet Dead}}, date = {2022-05-20}, organization = {HP}, url = {https://threatresearch.ext.hp.com/pdf-malware-is-not-yet-dead/}, language = {English}, urldate = {2022-05-24} } PDF Malware Is Not Yet Dead
404 Keylogger
2022-05-19 | Blackberry | The BlackBerry Research & Intelligence Team
@online{team:20220519:net:ecf311c, author = {The BlackBerry Research & Intelligence Team}, title = {{.NET Stubs: Sowing the Seeds of Discord (PureCrypter)}}, date = {2022-05-19}, organization = {Blackberry}, url = {https://blogs.blackberry.com/en/2022/05/dot-net-stubs-sowing-the-seeds-of-discord}, language = {English}, urldate = {2022-06-09} } .NET Stubs: Sowing the Seeds of Discord (PureCrypter)
Aberebot AbstractEmu AdoBot 404 Keylogger Agent Tesla Amadey AsyncRAT Ave Maria BitRAT BluStealer Formbook LimeRAT Loki Password Stealer (PWS) Nanocore RAT Orcus RAT Quasar RAT Raccoon RedLine Stealer WhisperGate
2022-04-06 | nviso | Didier Stevens
@online{stevens:20220406:analyzing:b173385, author = {Didier Stevens}, title = {{Analyzing a “multilayer” Maldoc: A Beginner’s Guide}}, date = {2022-04-06}, organization = {nviso}, url = {https://blog.nviso.eu/2022/04/06/analyzing-a-multilayer-maldoc-a-beginners-guide/}, language = {English}, urldate = {2022-04-15} } Analyzing a “multilayer” Maldoc: A Beginner’s Guide
404 Keylogger
2021-11-04 | Fortinet | Xiaopeng Zhang
@online{zhang:20211104:deep:edcd241, author = {Xiaopeng Zhang}, title = {{Deep Dive into a Fresh Variant of Snake Keylogger Malware}}, date = {2021-11-04}, organization = {Fortinet}, url = {https://www.fortinet.com/blog/threat-research/deep-dive-into-a-fresh-variant-of-snake-keylogger-malware}, language = {English}, urldate = {2021-11-08} } Deep Dive into a Fresh Variant of Snake Keylogger Malware
404 Keylogger
2021-10-28 | Cybereason | Aleksandar Milenkoski, Brian Janower
@online{milenkoski:20211028:threat:8d45698, author = {Aleksandar Milenkoski and Brian Janower}, title = {{THREAT ANALYSIS REPORT: Snake Infostealer Malware}}, date = {2021-10-28}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/threat-analysis-report-snake-infostealer-malware}, language = {English}, urldate = {2021-11-03} } THREAT ANALYSIS REPORT: Snake Infostealer Malware
404 Keylogger
2021-09-02 | MalwareBookReports | muzi
@online{muzi:20210902:crossplatform:31ac1a5, author = {muzi}, title = {{Cross-Platform Java Dropper: Snake and XLoader (Mac Version)}}, date = {2021-09-02}, organization = {MalwareBookReports}, url = {https://malwarebookreports.com/cross-platform-java-dropper-snake-and-xloader-mac-version/}, language = {English}, urldate = {2022-03-25} } Cross-Platform Java Dropper: Snake and XLoader (Mac Version)
Xloader 404 Keylogger
2021-07-12 | IBM | Melissa Frydrych, Claire Zaboeva, Dan Dash
@online{frydrych:20210712:roboski:1f66418, author = {Melissa Frydrych and Claire Zaboeva and Dan Dash}, title = {{RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation}}, date = {2021-07-12}, organization = {IBM}, url = {https://securityintelligence.com/posts/roboski-global-recovery-automation/}, language = {English}, urldate = {2021-07-20} } RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation
404 Keylogger Agent Tesla AsyncRAT Ave Maria Azorult BitRAT Formbook HawkEye Keylogger Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Quasar RAT RedLine Stealer Remcos
2021-07-12 | Cipher Tech Solutions | Melissa Frydrych, Claire Zaboeva, Dan Dash
@online{frydrych:20210712:roboski:a3c66bf, author = {Melissa Frydrych and Claire Zaboeva and Dan Dash}, title = {{RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation}}, date = {2021-07-12}, organization = {Cipher Tech Solutions}, url = {https://www.ciphertechsolutions.com/roboski-global-recovery-automation/}, language = {English}, urldate = {2021-07-20} } RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation
404 Keylogger Agent Tesla AsyncRAT Ave Maria Azorult BitRAT Formbook HawkEye Keylogger Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Quasar RAT RedLine Stealer Remcos
2021-07-07 | YouTube (0xca7) | 0xca7
@online{0xca7:20210707:snakekeylogger:fccf1d2, author = {0xca7}, title = {{Snakekeylogger - Information Stealer}}, date = {2021-07-07}, organization = {YouTube (0xca7)}, url = {https://www.youtube.com/watch?v=vzyJp2w8bPE}, language = {English}, urldate = {2022-03-17} } Snakekeylogger - Information Stealer
404 Keylogger
2021-06-28 | HP | Patrick Schläpfer
@online{schlpfer:20210628:snake:bf10d9d, author = {Patrick Schläpfer}, title = {{Snake Keylogger’s Many Skins: Analysing Code Reuse Among Infostealers}}, date = {2021-06-28}, organization = {HP}, url = {https://threatresearch.ext.hp.com/the-many-skins-of-snake-keylogger/}, language = {English}, urldate = {2021-06-29} } Snake Keylogger’s Many Skins: Analysing Code Reuse Among Infostealers
404 Keylogger Phoenix Keylogger
2021-06-07 | Twitter (@James_inthe_box) | James_inthe_box
@online{jamesinthebox:20210607:characteristic:1e8d734, author = {James_inthe_box}, title = {{Tweet on characteristic strings in snake keylogger}}, date = {2021-06-07}, organization = {Twitter (@James_inthe_box)}, url = {https://twitter.com/James_inthe_box/status/1401921257109561353}, language = {English}, urldate = {2021-06-08} } Tweet on characteristic strings in snake keylogger
404 Keylogger
2021-01 | Infoblox | Eric Patterson
@online{patterson:202101:snake:630eaec, author = {Eric Patterson}, title = {{Snake Keylogger Slithers Through Malspam}}, date = {2021-01}, organization = {Infoblox}, url = {https://insights.infoblox.com/threat-intelligence-reports/threat-intelligence--102}, language = {English}, urldate = {2021-05-26} } Snake Keylogger Slithers Through Malspam
404 Keylogger
2020-10-20 | Infoblox | James Barnett
@online{barnett:20201020:404:c398034, author = {James Barnett}, title = {{404 Keylogger Campaigns}}, date = {2020-10-20}, organization = {Infoblox}, url = {https://insights.infoblox.com/threat-intelligence-reports/threat-intelligence--89}, language = {English}, urldate = {2021-02-24} } 404 Keylogger Campaigns
404 Keylogger
2019-11-27 | Group-IB | Ilya Pomerantsev
@online{pomerantsev:20191127::4345ace, author = {Ilya Pomerantsev}, title = {{Кейлоггер с сюрпризом: анализ клавиатурного шпиона и деанон его разработчика}}, date = {2019-11-27}, organization = {Group-IB}, url = {https://habr.com/ru/company/group-ib/blog/477198/}, language = {Russian}, urldate = {2020-03-23} } Кейлоггер с сюрпризом: анализ клавиатурного шпиона и деанон его разработчика
404 Keylogger

There is no Yara-Signature yet.