Common Information
Type | Value |
---|---|
Value | Screen Capture - T1513 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may use screen capture to collect additional information about a target device, such as applications running in the foreground, user data, credentials, or other sensitive information. Applications running in the background can capture screenshots or videos of another application running in the foreground by using the Android `MediaProjectionManager` (generally requires the device user to grant consent).(Citation: Fortinet screencap July 2019)(Citation: Android ScreenCap1 2019) Background applications can also use Android accessibility services to capture screen contents being displayed by a foreground application.(Citation: Lookout-Monokle) An adversary with root access or Android Debug Bridge (adb) access could call the Android `screencap` or `screenrecord` commands.(Citation: Android ScreenCap2 2019)(Citation: Trend Micro ScreenCap July 2015) |
Details | Type | Published | Attributes | Title |
---|---|---|---|---|
Details | Website | 2022-05-27 | 9 | Phishing Campaign Delivering Three Fileless Malware: AveMariaRAT / BitRAT / PandoraHVNC – Part II \| FortiGuard Labs |
Details | Website | 2022-05-24 | 87 | Rising Stealer in Q1 2022: BlackGuard Stealer |
Details | Website | 2022-05-24 | 24 | Yashma Ransomware, Tracing the Chaos Family Tree |
Details | Website | 2022-05-23 | 45 | Deep Analysis of Vidar Stealer |
Details | Website | 2022-05-12 | 24 | SCYTHE Library: #ThreatThursday - Buhtrap |
Details | Website | 2022-05-11 | 85 | Nerbian RAT Using COVID-19 Themes Features Sophisticated Evasion Techniques \| Proofpoint US |
Details | Website | 2022-05-05 | 19 | Avast Q1/2022 Threat Report - Avast Threat Labs |
Details | Website | 2022-04-29 | 1 | Warning: GRIM and Magnus Android Botnets are Underground \| FortiGuard Labs |
Details | Website | 2022-04-27 | 202 | A lookback under the TA410 umbrella: Its cyberespionage TTPs and activity \| WeLiveSecurity |
Details | Website | 2022-04-07 | 54 | MoqHao Part 2: Continued European Expansion |
Details | Website | 2022-04-07 | 53 | MoqHao Part 2: Continued European Expansion |
Details | Website | 2022-04-06 | 36 | The Latest Remcos RAT Driven By Phishing Campaign \| FortiGuard Labs |
Details | Website | 2022-03-30 | 100 | New Milestones for Deep Panda: Log4Shell and Digitally Signed Fire Chili Rootkits |
Details | Website | 2022-03-16 | 92 | Avira Labs Research Reveals Hydra Banking Trojan 2.0 targeting a wider network of German and Austrian banks |
Details | Website | 2022-03-09 | 9 | Threat advisory: Cybercriminals compromise users with malware disguised as pro-Ukraine cyber tools |
Details | Website | 2022-03-01 | 13 | Cybereason vs. BlackCat Ransomware |
Details | Website | 2022-02-24 | 123 | Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks \| CISA |
Details | Website | 2022-02-18 | 21 | PseudoManuscrypt Being Distributed in the Same Method as Cryptbot - ASEC BLOG |
Details | Website | 2022-02-15 | 48 | Guard Your Drive from DriveGuard: Moses Staff Campaigns Against Israeli Organizations Span Several Months \| FortiGuard Labs |
Details | Website | 2022-02-02 | 27 | Catching the RAT called Agent Tesla \| Qualys Security Blog |
Details | Website | 2022-02-01 | 10 | StrifeWater RAT: Iranian APT Moses Staff Adds New Trojan to Ransomware Operations |
Details | Website | 2022-01-25 | 55 | Watering hole deploys new macOS malware, DazzleSpy, in Asia \| WeLiveSecurity |
Details | Website | 2022-01-20 | 127 | Middle East users targeted by Molerats APT \| Zscaler Blog |
Details | Website | 2022-01-18 | 158 | DoNot Go! Do not respawn! \| WeLiveSecurity |
Details | Website | 2022-01-17 | 5 | Android/BianLian payload |