Common Information
Type | Value
---|---
Value | Screen Capture - T1113
Category | Attack-Pattern
Type | Mitre-Enterprise-Attack-Attack-Pattern
Misp Type | Cluster
Description | Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. ===Mac=== On OSX, the native command <code>screencapture</code> is used to capture screenshots. ===Linux=== On Linux, there is the native command <code>xwd</code>. (Citation: Antiquated Mac Malware) Detection: Monitoring for screen capture behavior will depend on the method used to obtain data from the operating system and write output files. Detection methods could include collecting information from unusual processes using API calls used to obtain image data, and monitoring for image files written to disk. The sensor data may need to be correlated with other events to identify malicious activity, depending on the legitimacy of this behavior within a given network environment. Platforms: Linux, macOS, Windows Data Sources: API monitoring, Process monitoring, File monitoring
Details | Published | Attributes | CTI | Title
---|---|---|---|---
Details | Website | 2024-10-23 | 44 | Highlighting TA866/Asylum Ambuscade Activity Since 2021
Details | Website | 2024-10-21 | 4 | WrnRAT Distributed Under the Guise of Gambling Games - ASEC
Details | Website | 2024-10-19 | 1 | Firejail: Your First Line of Defense for Linux Application Security
Details | Website | 2024-10-15 | 0 | New Malware Campaign Uses PureCrypter Loader to Deliver DarkVision RAT
Details | Website | 2024-10-15 | 0 | New Malware Campaign Uses PureCrypter Loader to Deliver DarkVision RAT - RedPacket Security
Details | Website | 2024-10-14 | 1 | TrickMo Malware Attacking Android Devices To Steal Unlock Patterns And PINs
Details | Website | 2024-10-14 | 55 | Hidden In Plain Sight: How ErrorFather Deploys Cerberus To Amplify Cyber Threats
Details | Website | 2024-10-14 | 1 | Lab 3: The Hunt for Lost Files — Adventures in File Recovery
Details | Website | 2024-10-11 | 30 | Expanding the Investigation: Deep Dive into Latest TrickMo Samples
Details | Website | 2024-10-11 | 30 | Expanding the Investigation: Deep Dive into Latest TrickMo Samples - Zimperium
Details | Website | 2024-10-10 | 29 | Technical Analysis of DarkVision RAT
Details | Website | 2024-10-10 | 36 | Technical Analysis of DarkVision RAT
Details | Website | 2024-10-10 | 33 | Malware by the (Bit)Bucket: Uncovering AsyncRAT
Details | Website | 2024-10-10 | 26 | Monthly Threat Actor Group Intelligence Report, August 2024 (KOR)
Details | Website | 2024-10-10 | 26 | Monthly Threat Actor Group Intelligence Report, July 2024 (ENG) – Red Alert
Details | Website | 2024-10-10 | 26 | Monthly Threat Actor Group Intelligence Report, August 2024 (KOR) – Red Alert
Details | Website | 2024-10-10 | 18 | Technical Analysis of DarkVision RAT
Details | Website | 2024-10-09 | 0 | ISM’s Guidelines for Enterprise Mobility - Zimperium
Details | Website | 2024-10-04 | 100 | SIEM agent is used in SilentCryptoMiner attacks
Details | Website | 2024-10-04 | 100 | SIEM agent being used in SilentCryptoMiner attacks
Details | Website | 2024-10-01 | 9 | Detecting Vulnerability Scanning Traffic From Underground Tools Using Machine Learning
Details | Website | 2024-10-01 | 153 | LightSpy: Implant for iOS
Details | Website | 2024-09-27 | 58 | OSINT Investigation: Hunting Malicious Infrastructure Linked to Transparent Tribe - CYFIRMA
Details | Website | 2024-09-26 | 5 | China-linked APT group Salt Typhoon compromised some US ISPs
Details | Website | 2024-09-23 | 728 | US-CERT Vulnerability Summary for the Week of September 16, 2024 - RedPacket Security