SYMBOL: win.stashlog
COMMON_NAME: STASHLOG


Malware that abuses the Common Log File System (CLFS) to store/hide a second-stage payload via registry transaction files.

References
2022-05-04 | Cybereason | Chen Erlich, Fusao Tanida, Ofir Ozer, Akihiro Tomita, Niv Yona, Daniel Frank, Assaf Dahan
Operation CuckooBees: A Winnti Malware Arsenal Deep-Dive
https://www.cybereason.com/blog/operation-cuckoobees-a-winnti-malware-arsenal-deep-dive
PRIVATELOG Spyder STASHLOG Winnti

2022-05-04 | Cybereason | Chen Erlich, Fusao Tanida, Ofir Ozer, Akihiro Tomita, Niv Yona, Daniel Frank, Assaf Dahan
Operation CuckooBees: Deep-Dive into Stealthy Winnti Techniques
https://www.cybereason.com/blog/operation-cuckoobees-deep-dive-into-stealthy-winnti-techniques
PRIVATELOG Spyder STASHLOG Winnti

2021-09-03 | Twitter (@ESETresearch) | ESET Research
Twitter thread on SPARKLOG, a launcher component for PRIVATELOG along with STASHLOG
https://twitter.com/ESETresearch/status/1433819369784610828
PRIVATELOG STASHLOG

2021-09-01 | FireEye | Adrien Bataille, Blaine Stancill
Too Log; Didn't Read — Unknown Actor Using CLFS Log Files for Stealth
https://www.fireeye.com/blog/threat-research/2021/09/unknown-actor-using-clfs-log-files-for-stealth.html
PRIVATELOG STASHLOG

There is no YARA signature yet.