DEPLOYLOG Malware

DEPLOYLOG is the name of a malicious tool associated with the Winnti advanced persistent threat actor.

The Winnti group is also known by the name APT41 and is believed to be a Chinese state-sponsored threat actor, dealing in cyber espionage.

DEPLOYLOG is a newly documented tool in the Winnti group's toolkit of malicious software. It was observed in attacks analyzed by security researchers at Cybereason.

Rather than exploiting a vulnerability, the malware abuses the Common Log File System (CLFS), a legitimate logging feature of the Windows operating system, as a hiding place. The technique is rarely seen: DEPLOYLOG extracts data that was previously stored inside a CLFS log file and deploys it. That data is WINNKIT, a custom kernel-mode rootkit driver that is also part of the Winnti group's toolkit.

DEPLOYLOG is used in conjunction with a number of other custom tools in Winnti's arsenal, including Spyder, a backdoor; STASHLOG, which stores an encrypted payload inside a CLFS log file; SPARKLOG and PRIVATELOG, two tools that work in conjunction; and finally WINNKIT, the kernel-mode rootkit driver.

A distinctive feature of the campaigns using DEPLOYLOG is the operators' abuse of a legitimate Windows feature, CLFS, as the storage location for their encrypted malicious payload.
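The storage trick described above suggests a simple hunting check: a CLFS log file whose contents look like random bytes is more likely to hold an encrypted payload than log records. The script below is an added example written for this page; it is not Cybereason's or Cyclonis's code and does not parse the CLFS on-disk format. It assumes that CLFS base log files carry the `.blf` extension, that benign ones live under a handful of system directories (the `EXPECTED_CLFS_DIRS` list is an assumption), and that a Shannon entropy near 8 bits per byte is a useful "looks encrypted" signal. The two sample files it scans are constructed inline.

```python
"""Hunting helper for payloads stashed in CLFS log files.

Added example for this page; it is not Cybereason's or Cyclonis's code and
does not parse the CLFS on-disk format. Assumptions (not stated on the page):
  * CLFS base log files carry the .blf extension (Windows convention);
  * an encrypted payload stashed in a log yields near-random bytes, so a
    Shannon entropy close to 8 bits/byte is a useful triage signal;
  * benign .blf files normally live under a few system directories.
"""
import hashlib
import math
import os
import tempfile
from collections import Counter

ENTROPY_THRESHOLD = 7.5  # bits/byte; assumed cut-off for "looks encrypted"

# Assumed list of directories where legitimate CLFS logs are usually found.
EXPECTED_CLFS_DIRS = (
    "\\windows\\system32\\config",
    "\\windows\\system32\\logfiles",
    "\\system volume information",
)


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, 8.0 for uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def is_expected_location(path: str) -> bool:
    """True if the path sits under one of the assumed benign CLFS directories."""
    normalized = path.lower().replace("/", "\\")
    return any(d in normalized for d in EXPECTED_CLFS_DIRS)


def triage_file(path: str, sample_bytes: int = 65536) -> dict:
    """Score one .blf file: high entropy marks it suspicious; an unexpected
    location is recorded as an extra reason for the analyst."""
    with open(path, "rb") as fh:
        data = fh.read(sample_bytes)
    entropy = shannon_entropy(data)
    reasons = []
    if entropy >= ENTROPY_THRESHOLD:
        reasons.append("entropy %.2f bits/byte looks encrypted" % entropy)
    if not is_expected_location(path):
        reasons.append("outside expected CLFS directories")
    return {
        "path": path,
        "entropy": round(entropy, 2),
        "suspicious": entropy >= ENTROPY_THRESHOLD,
        "reasons": reasons,
    }


def hunt(root: str) -> list:
    """Walk root and triage every CLFS base log file (*.blf) found."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".blf"):
                findings.append(triage_file(os.path.join(dirpath, name)))
    return findings


def build_samples(directory: str) -> None:
    """Write two constructed sample files: a benign-looking log made of
    repetitive ASCII records, and a 'stash' filled with deterministic
    pseudo-random bytes standing in for an encrypted payload."""
    benign = b"".join(b"CLFS-RECORD %08d OK\r\n" % i for i in range(2000))
    with open(os.path.join(directory, "benign.blf"), "wb") as fh:
        fh.write(benign)
    chunk, blob = b"seed", b""
    while len(blob) < 65536:  # SHA-256 chain: random-looking but reproducible
        chunk = hashlib.sha256(chunk).digest()
        blob += chunk
    with open(os.path.join(directory, "stash.blf"), "wb") as fh:
        fh.write(blob)


def demo() -> dict:
    """Build the samples in a temp dir, hunt it, and return results by name."""
    with tempfile.TemporaryDirectory() as tmp:
        build_samples(tmp)
        return {os.path.basename(f["path"]): f for f in hunt(tmp)}


if __name__ == "__main__":
    for name, result in demo().items():
        flag = "SUSPICIOUS" if result["suspicious"] else "ok"
        print("%-12s %-10s entropy=%.2f  %s"
              % (name, flag, result["entropy"], "; ".join(result["reasons"])))
```

Run it against a directory tree (`hunt(r"C:\")` on a live host) and review the hits by hand: entropy alone also flags compressed or legitimately encrypted data, and real CLFS logs contain binary structures, so the threshold and the directory allow-list are starting points to tune against known-good systems, not a verdict.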

The attacks using DEPLOYLOG are multi-step and involve complex processes: multi-stage batch files, side-loading of malicious DLLs through legitimate Windows services, and manipulation of the Windows registry to compromise the victim system. DEPLOYLOG is just one of several tools Winnti uses in its attempts to plant the WINNKIT rootkit on the targeted system.

May 5, 2022