ThaiCERT    ETDA    MDES
Report
Search
Home > List all groups > List all tools > List all groups using tool logsupport.dll

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: logsupport.dll

Nameslogsupport.dll
CategoryMalware
TypeBackdoor
Description(Avast) logsupport.dll is primarily used as a backdoor, but uses a different C&C server than the other backdoors. Its corresponding log file is located at %TEMP%\rar%[A-Z0-9]{4}%.tmp. The structure of the log file is also the same. The main difference is that the log file is encrypted by a XOR cipher with a hardcoded key.
Information<https://decoded.avast.io/luigicamastra/apt-group-planted-backdoors-targeting-high-profile-networks-in-central-asia/>

Last change to this tool card: 18 May 2020

Download this tool card in JSON format

All groups using tool logsupport.dll

ChangedNameCountryObserved

APT groups

 MikroceenChina2017 

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key