WINGHOOK

Description

(Mandiant) WINGHOOK is a keylogger for Linux and Unix-based operating systems. It is packaged as a shared library (SO file) that hooks the read and fgets functions, which are two common functions used for processing user input. The captured data is stored in an encoded format in the directory /var/tmp/ with a filename that begins with .zmanDw.

Names

Name
WINGHOOK

Category

Malware

Type

  • Credential stealer

Information

Other Information

Uuid

397ad497-a122-48d7-895a-35cdd285f102

Last Card Change

2022-04-03