Malware that abuses the Common Log File System (CLFS) to store and hide a second-stage payload via registry transaction files.
2021-09-03 ⋅ Twitter (@ESETresearch)
Twitter thread on SPARKLOG, a launcher component for PRIVATELOG along with STASHLOG
2021-09-01 ⋅ FireEye
Too Log; Didn't Read — Unknown Actor Using CLFS Log Files for Stealth
There is no YARA signature yet.