Common Information
Type | Value |
---|---|
Value | Screen Capture - T1113 |
Category | Attack-Pattern |
Type | Mitre-Enterprise-Attack-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Mac: On OSX, the native command `screencapture` is used to capture screenshots. Linux: On Linux, there is the native command `xwd`. (Citation: Antiquated Mac Malware) Detection: Monitoring for screen capture behavior will depend on the method used to obtain data from the operating system and write output files. Detection methods could include collecting information from unusual processes using API calls used to obtain image data, and monitoring for image files written to disk. The sensor data may need to be correlated with other events to identify malicious activity, depending on the legitimacy of this behavior within a given network environment. Platforms: Linux, macOS, Windows. Data Sources: API monitoring, Process monitoring, File monitoring |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2024-11-13 | 55 | HawkEye Malware: Technical Analysis | ||
Details | Website | 2024-11-13 | 55 | HawkEye Malware: Technical Analysis - ANY.RUN's Cybersecurity Blog | ||
Details | Website | 2024-11-13 | 55 | HawkEye | PredatorPain | ||
Details | Website | 2024-11-12 | 13 | LodaRAT: Established malware, new victim patterns | Rapid7 Blog | ||
Details | Website | 2024-11-11 | 0 | Game Over | ||
Details | Website | 2024-11-08 | 0 | Revolutionize Your Business With These Must-Have Computer Monitoring Tools! 🚀 | ||
Details | Website | 2024-11-06 | 0 | Winos4.0 Malware Found in Game Apps, Targets Windows Users | ||
Details | Website | 2024-11-04 | 35 | G700 : The Next Generation of Craxs RAT - CYFIRMA | ||
Details | Website | 2024-11-04 | 38 | Monthly Threat Actor Group Intelligence Report, September 2024 (KOR) | ||
Details | Website | 2024-11-04 | 14 | Monthly Threat Actor Group Intelligence Report, August 2024 (JPN) | ||
Details | Website | 2024-11-04 | 16 | Monthly Threat Actor Group Intelligence Report, August 2024 (JPN) – Red Alert | ||
Details | Website | 2024-11-04 | 38 | Monthly Threat Actor Group Intelligence Report, September 2024 (KOR) – Red Alert | ||
Details | Website | 2024-11-03 | 35 | Threat Actor — Cl0P | ||
Details | Website | 2024-11-01 | 7 | New LightSpy spyware version targets iPhones | ||
Details | Website | 2024-10-31 | 0 | Streamline IT Support with Image Analysis - SysAid | ||
Details | Website | 2024-10-30 | 27 | Mishing in Motion: Uncovering the Evolving Functionality of FakeCall Malware | ||
Details | Website | 2024-10-30 | 154 | Rat King: How the Android Trojan CraxsRAT Steals User Data | F.A.C.C.T. Blog | ||
Details | Website | 2024-10-29 | 27 | Mishing in Motion: Uncovering the Evolving Functionality of FakeCall Malware - Zimperium | ||
Details | Website | 2024-10-29 | 22 | Notorious WrnRAT Delivered Mimic As Gambling Games | ||
Details | Website | 2024-10-29 | 2 | Notorious WrnRAT Delivered Mimic As Gambling Games | ||
Details | Website | 2024-10-29 | 207 | WarmCookie Malware Threat Intel | ||
Details | Website | 2024-10-29 | 14 | Monthly Threat Actor Group Intelligence Report, July 2024 (JPN) | ||
Details | Website | 2024-10-29 | 16 | Monthly Threat Actor Group Intelligence Report, July 2024 (JPN) – Red Alert | ||
Details | Website | 2024-10-29 | 28 | Monthly Threat Actor Group Intelligence Report, August 2024 (ENG) – Red Alert | ||
Details | Website | 2024-10-28 | 67 | Apple Updates Everything - SANS Internet Storm Center |