PRIVATELOG
Description
(Cybereason) PRIVATELOG is a module that exists in 2 forms:
• Wlbsctrl.dll: A DLL to be side-loaded by the IKEEXT service, aiming to execute on Windows Vista to Windows 7 operating systems.
• Prntvpt.dll: A DLL to be side-loaded by the PrintNotify service, aiming to execute on Windows Server 2012 to Windows 10 operating systems.
As both of the DLLs are being loaded by native Windows services, they both live in the context of the svchost process, but differ in their execution flow.
Names
Name |
---|
PRIVATELOG |
Category
Malware
Type
- Loader
Information
- https://www.cybereason.com/blog/operation-cuckoobees-a-winnti-malware-arsenal-deep-dive
- https://www.mandiant.com/resources/unknown-actor-using-clfs-log-files-for-stealth
Malpedia
Other Information
Uuid
3f25cda3-f293-4a3a-9b3a-7cdef172f7d9
Last Card Change
2022-12-27