Common Information
Type | Value |
---|---|
Value | Audio Capture - T1123 |
Category | Attack-Pattern |
Type | Mitre-Enterprise-Attack-Attack-Pattern |
Misp Type | Cluster |
Description | An adversary can leverage a computer's peripheral devices (e.g., microphones and webcams) or applications (e.g., voice and video call services) to capture audio recordings for the purpose of listening in on sensitive conversations to gather information. Malware or scripts may be used to interact with the devices through an available API provided by the operating system or an application to capture audio. Audio files may be written to disk and exfiltrated later. Detection: Detection of this technique may be difficult due to the various APIs that may be used. Telemetry data regarding API use may not be useful depending on how a system is normally used, but may provide context to other potentially malicious activity occurring on a system. Behavior that could indicate use of this technique includes an unknown or unusual process accessing APIs associated with devices or software that interact with the microphone, recording devices, or recording software, and a process periodically writing files to disk that contain audio data. Platforms: Linux, macOS, Windows. Data Sources: API monitoring, Process monitoring, File monitoring. Permissions Required: User. |
Source | Published | Attributes | Title |
---|---|---|---|
Website | 2024-11-07 | 114 | Detailed Analysis of TheftCalls: Impersonating Frequently Used Korean Apps |
Website | 2024-11-04 | 35 | G700 : The Next Generation of Craxs RAT - CYFIRMA |
Website | 2024-10-30 | 27 | Mishing in Motion: Uncovering the Evolving Functionality of FakeCall Malware |
Website | 2024-10-30 | 154 | Rat King: How the Android Trojan CraxsRAT Steals User Data - F.A.C.C.T. Blog |
Website | 2024-10-29 | 27 | Mishing in Motion: Uncovering the Evolving Functionality of FakeCall Malware - Zimperium |
Website | 2024-10-17 | 99 | NetSupport RAT and RMS in Email Campaigns |
Website | 2024-10-14 | 55 | Hidden In Plain Sight: How ErrorFather Deploys Cerberus To Amplify Cyber Threats |
Website | 2024-10-11 | 30 | Expanding the Investigation: Deep Dive into Latest TrickMo Samples |
Website | 2024-10-11 | 30 | Expanding the Investigation: Deep Dive into Latest TrickMo Samples - Zimperium |
Website | 2024-10-10 | 29 | Technical Analysis of DarkVision RAT |
Website | 2024-10-10 | 36 | Technical Analysis of DarkVision RAT |
Website | 2024-10-10 | 18 | Technical Analysis of DarkVision RAT |
Website | 2024-10-08 | 2 | Apple Issues Urgent Security Advisory For IOS And IPadOS Vulnerabilities - Cyble |
Website | 2024-10-07 | 5 | 7th October – Threat Intelligence Report |
Website | 2024-10-07 | 5 | 7th October – Threat Intelligence Report - Check Point Research |
Website | 2024-10-07 | 2 | Apple Patches iOS Security Flaw That Could Reveal Saved Passwords |
Website | 2024-09-26 | 5 | China-linked APT group Salt Typhoon compromised some US ISPs |
Website | 2024-06-13 | 89 | Arid Viper poisons Android apps with AridSpy |
Website | 2024-06-05 | 13 | Cybersecurity threatscape: Q1 2024 |
Website | 2024-04-30 | 64 | Deep Analysis of SecretCalls, A formidable app for notorious Korean financial fraudsters (Part 2) |
Website | 2024-02-01 | 47 | VajraSpy: A Patchwork of espionage apps |
Website | 2023-12-06 | 198 | Russia/Ukraine Update - December 2023 |
Website | 2023-11-01 | 42 | DoNot APT expands its arsenal to spy on victim's VoIP calls |
Website | 2023-10-05 | 6 | APT Profile: Dark Pink APT Group |
Website | 2023-08-25 | 195 | Russia/Ukraine Update - August 2023 |