PAKLOG

Malware & Tools · PAKLOG

· MalwareS1233 · Zararlı Yazılım

Type

malware

Techniques

Used By

1 groups

Platforms

Windows

Description

PAKLOG is a keylogger known to be leveraged by Mustang Panda and was first observed utilized in 2024. PAKLOG is deployed via a RAR archive (e.g., key.rar), which contains two files: a signed, legitimate binary (PACLOUD.exe) and the malicious PAKLOG DLL (pa_lang2.dll). The PACLOUD.exe binary is used to side-load the PAKLOG DLL which starts with the keylogger functionality.(Citation: Zscaler PAKLOG CorkLog SplatCloak Splatdropper April 2025)

Tactic Coverage

discovery (3)collection (3)stealth (2)execution (2)credential access (1)defense impairment (1)

Used By (1 groups)

G0129Mustang PandaTA416, RedDelta

Techniques (10)

T1010Application Window Discovery

discovery

T1027.013Encrypted/Encoded File

stealth

T1056.001Keylogging

collectioncredential access

T1057Process Discovery

discovery

T1074.001Local Data Staging

collection

T1106Native API

execution

T1115

References

https://attack.mitre.org/software/S1233 https://www.zscaler.com/blogs/security-research/latest-mustang-panda-arsenal-paklog-corklog-and-splatcloak-p2