T1056 | lazarus.day

#T1056 Input Capture

Technique

Tactics: Collection, Credential Access
Description:
Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture).
First Seen: Lazarus Group • 2017-05-31

MITRE ATT&CK

14

Tagged Reports
12

Unique Authors
3,285

Active Days

Tagged Reports

2026-05-28

Safe Dep

Inside MicrosoftSystem64: A Supply Chain RAT Exfiltrating to HuggingFace

#FamousChollima #NPM #T1195 #T1195.002 #T1102 #T1102.002 #T1567 #T1567.002 #T1056 #T1056.001 #T1113 #T1005 #T1552 #T1552.004 #T1059 #T1059.001 #T1059.003 #T1547 #T1547.001 #T1053 #T1053.005 #T1543 #T1543.001 #T1543.004 #HuggingFace #T1119

2025-09-26

Siddhant

Preliminary File List Analysis of Kimsuky / APT43 Leak

#APTDown #Kimsuky #T1055 #T1588.002 #T1134 #T1573 #T1105 #T1090 #T1588.001 #T1027 #T1218 #T1071 #T1140 #T1056

2025-04-25

HISolutions

Rolling in the Deep(Web): Lazarus Tsunami

#ContagiousInterview #Tsunami #T1589.001 #T1562.001 #T1608 #T1027 #T1562.004 #T1056 #T1082 #T1566 #T1584.005 #T1587.001 #T1053.005 #T1539 #T1496.001 #T1020 #T1555 #T1547 #T1083 #T1204 #T1059

2024-07-19

Cyfirma

APT Quarterly Highlights : Q2 2024

#Trend #Andariel #Kimsuky #MoonstoneSleet #Lazarus #T1562.001 #T1190 #T1068 #T1543.003 #T1056 #T1595.002 #T1059.003 #T1566 #T1485 #T1218.011 #T1069.002 #T1010 #T1571 #T1102.001 #T1583.001 #T1555.003 #T1033 #T1497.001 #T1203 #T1036 #T1012 #T1027 #T1583.003 #T1071 #T1562.004 #T1614 #T1027.005 #T1548 #T1552 #T1140 #T1005 #T1053.005 #T1564.001 #T1555 #T1129 #T1070.001 #T1046 #T1070 #T1095 #T1569.002 #T1562 #T1573 #T1047 #T1552.001 #T1057 #T1082 #T1518.001 #T1176 #T1090 #T1518 #T1539 #T1041 #T1564 #T1560 #T1202 #T1071.001 #T1547 #T1112 #T1497 #T1059.001 #T1124 #T1056.001 #T1222 #T1070.006 #T1059 #T1564.003 #T1222.001 #T1056.004 #T1547.001 #T1584 #T1087.002 #T1070.004 #T1505.003 #T1113 #T1608.005 #T1204.002 #T1087 #T1574.002 #T1115 #T1083 #T1490 #T1053 #T1486 #T1566.002 #T1133 #T1021.004 #T1003

2023-08-08

Crowd Strike

NOWHERE TO HIDE CROWDSTRIKE 2023 THREAT HUNTING REPORT

#LabyrinthChollima #Trend #T1190 #T1036 #T1016 #T1482 #T1056 #T1558 #T1556 #T1480 #T1552 #T1078 #T1020 #T1555 #T1556.008 #T1046 #T1547 #T1070 #T1110 #T1204 #T1059 #T1003

2023-04-03

Hive Pro

SmoothOperator Campaign Trojanizes 3CXDesktopApp

#SupplyChain #3CXDesktopApp #SmoothOperator #T1574 #T1547 #T1547.001 #T1574.002 #T1091 #T1543 #T1543.003 #T1071 #T1059 #T1056

2022-04-29

PWC

Cyber Threats 2021: A Year in Retrospect

#Trend #BlackBanshee #BlackAlicanto #T1589 #T1069 #T1190 #T1608 #T1036 #T1573 #T1036.007 #T1059.005 #T1068 #T1027 #T1570 #T1595 #T1048 #T1592 #T1615 #T1071 #T1482 #T1057 #T1082 #T1056 #T1059.003 #T1221 #T1566.001 #T1566 #T1074.001 #T1614.001 #T1016.001 #T1591 #T1548 #T1090 #T1547.001 #T1620 #T1049 #T1021 #T1135 #T1005 #T1078 #T1204.001 #T1070.004 #T1053.005 #T1041 #T1113 #T1132.001 #T1555 #T1560 #T1204.002 #T1105 #T1071.001 #T1039 #T1132 #T1547 #T1112 #T1070 #T1087 #T1083 #T1486 #T1124 #T1033 #T1210 #T1110 #T1095 #T1204 #T1059 #T1003

2022-04-15

Dragos

ICS/OT CYBERSECURITY YEAR IN REVIEW 2021

#Trend #WASSONITE #T1589 #T0840 #T1573 #T1036 #T1016 #T0884 #T0888 #T1071 #T0807 #T1056 #T1614 #T1082 #T1574 #T1566 #T1602 #T1591 #T0822 #T0858 #T1021 #T1480 #T1049 #T1584 #T0859 #T1140 #T1078 #T0806 #T1505 #T1041 #T1113 #T1555 #T1560 #T1564 #T0817 #T1132 #T1055 #T1547 #T1127 #T1083 #T1053 #T1189 #T1033 #T0819 #T1074 #T1059 #T1217

2020-08-26

USCISA

FASTCash 2.0: North Korea's BeagleBoyz Robbing Banks

#BeagleBoyz #FASTCash2 #T1190 #T1562.001 #T1565.002 #T1543.003 #T1552.004 #T1056 #T1119 #T1565.003 #T1553.002 #T1485 #T1199 #T1021 #T1078 #T1010 #T1014 #T1574.001 #T1033 #T1203 #T1036 #T1012 #T1016 #T1059.005 #T1106 #T1027 #T1102 #T1071 #T1053.004 #T1027.005 #T1049 #T1140 #T1005 #T1129 #T1105 #T1110 #T1095 #T1489 #T1569.002 #T1573 #T1057 #T1082 #T1561.002 #T1518.001 #T1566.001 #T1548.003 #T1090 #T1041 #T1219 #T1560 #T1202 #T1562.003 #T1059.001 #T1189 #T1204 #T1070.006 #T1059 #T1101 #T1565.001 #T1056.004 #T1098 #T1547.001 #T1053.003 #T1562.006 #T1070.004 #T1505.003 #T1070.003 #T1113 #T1132.001 #T1020 #T1021.002 #T1218.001 #T1055 #T1087 #T1115 #T1083 #T1053 #T1486 #T1133 #T1021.001 #T1217

2020-05-09

dinu135dk

Lazarus group leverages Covid themed HWP Document

#COVID-19 #Lazarus #T1047 #T1036 #T1106 #T1027 #T1057 #T1082 #T1056 #T1140 #T1032 #T1105 #T1022 #T1063 #T1087 #T1115 #T1497 #T1138 #T1124 #T1033 #T1045

2020-02-25

Sentinel One

DPRK Hidden Cobra Update: North Korean Malicious Cyber Activity

#HiddenCobra #T1012 #T1043 #T1016 #T1027 #T1050 #T1048 #T1065 #T1057 #T1056 #T1082 #T1024 #T1090 #T1005 #T1193 #T1041 #T1105 #T1132 #T1055 #T1060 #T1083 #T1064 #T1124 #T1033 #T1074 #T1204 #T1003

2019-08-26

MITRE

Kimsuky

#Kimsuky #G0094 #T1136 #T1589 #T1562 #T1534 #T1190 #T1593 #T1036 #T1012 #T1608 #T1587 #T1550 #T1543 #T1016 #T1027 #T1114 #T1567 #T1102 #T1071 #T1057 #T1056 #T1082 #T1176 #T1566 #T1111 #T1591 #T1098 #T1585 #T1021 #T1553 #T1584 #T1140 #T1218 #T1598 #T1546 #T1583 #T1005 #T1552 #T1078 #T1518 #T1505 #T1041 #T1219 #T1560 #T1555 #T1564 #T1105 #T1588 #T1547 #T1070 #T1112 #T1557 #T1083 #T1055 #T1594 #T1007 #T1053 #T1040 #T1133 #T1586 #T1074 #T1204 #T1059 #T1003

2019-01-29

MITRE

APT38

#G0082 #APT38 #T1562 #T1543 #T1106 #T1027 #T1071 #T1057 #T1056 #T1082 #T1566 #T1529 #T1485 #T1135 #T1049 #T1218 #T1005 #T1518 #T1505 #T1561 #T1105 #T1588 #T1565 #T1115 #T1070 #T1112 #T1083 #T1053 #T1486 #T1189 #T1569 #T1033 #T1110 #T1204 #T1059 #T1217

2017-05-31

MITRE

Lazarus Group

#G0032 #T0865 #T1608 #T1587 #T1056 #T1566 #T1485 #T1591 #T1620 #T1021 #T1078 #T1010 #T1571 #T1588 #T1557 #T1033 #T1001 #T1542 #T1593 #T1589 #T1134 #T1203 #T1036 #T1012 #T1016 #T1106 #T1027 #T1102 #T1071 #T1614 #T1529 #T1049 #T1140 #T1005 #T1105 #T1046 #T1070 #T1110 #T1489 #T1562 #T1534 #T1573 #T1047 #T1543 #T1104 #T1491 #T1057 #T1082 #T1574 #T1090 #T1218 #T1583 #T1041 #T1561 #T1560 #T1564 #T1202 #T1547 #T1497 #T1189 #T1124 #T1204 #T1059 #T1008 #T1048 #T1567 #T1221 #T1098 #T1585 #T1553 #T1584 #T1220 #T1132 #T1055 #T1087 #T1083 #T1053 #T1074

« Back