Common Information
Type | Value
---|---
Value | Screen Capture - T1113
Category | Attack-Pattern
Type | Mitre-Enterprise-Attack-Attack-Pattern
Misp Type | Cluster
Description | Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Mac: On OSX, the native command `screencapture` is used to capture screenshots. Linux: On Linux, there is the native command `xwd`. (Citation: Antiquated Mac Malware) Detection: Monitoring for screen capture behavior will depend on the method used to obtain data from the operating system and write output files. Detection methods could include collecting information from unusual processes using API calls used to obtain image data, and monitoring for image files written to disk. The sensor data may need to be correlated with other events to identify malicious activity, depending on the legitimacy of this behavior within a given network environment. Platforms: Linux, macOS, Windows. Data Sources: API monitoring, Process monitoring, File monitoring
Details | Type | Published | Attributes | Title | CTI
---|---|---|---|---|---
Details | Website | 2024-09-17 | 0 | iOS 18 and iPadOS 18: Apple Intelligence and Enterprise Features |
Details | Website | 2024-09-10 | 28 | Retail Targeted Campaigns—Domain Fraud, Brand Impersonation, and Ponzi Schemes, oh my! - DomainTools \| Start Here. Know Now. |
Details | Website | 2024-09-09 | 22 | Dive into Sigma Correlation Rules |
Details | Website | 2024-09-07 | 2 | Why Polarity & ThreatConnect? \| ThreatConnect |
Details | Website | 2024-09-02 | 15 | CYFIRMA RESEARCH : POWERSHELL KEYLOGGER - CYFIRMA |
Details | Website | 2024-08-29 | 24 | Monthly Threat Actor Group Intelligence Report, July 2024 (KOR) – Red Alert |
Details | Website | 2024-08-27 | 3 | AutoIT Bot Targets Gmail Accounts First \| SonicWall |
Details | Website | 2024-08-27 | 77 | LightSpy: Implant for macOS |
Details | Website | 2024-08-22 | 134 | Technical Analysis of Copybara |
Details | Website | 2024-08-14 | 6 | PrestaShop GTAG Websocket Skimmer |
Details | Website | 2024-08-13 | 7 | Kaspersky report on APT trends in Q2 2024 |
Details | Website | 2024-08-12 | 0 | Remexi Backdoor |
Details | Website | 2024-08-10 | 89 | Sidewinder APT – Phishing Targeting Pakistan \| CTF导航 |
Details | Website | 2024-08-09 | 0 | Weekly Cyber Threat Intelligence Summary |
Details | Website | 2024-08-05 | 65 | LianSpy: Android spyware leveraging Yandex Disk as C2 |
Details | Website | 2024-08-01 | 34 | BlankBot - a new Android banking trojan with screen recording,… |
Details | Website | 2024-08-01 | 47 | BITS and Bytes: Analyzing BITSLOTH, a newly identified backdoor — Elastic Security Labs |
Details | Website | 2024-07-25 | 59 | How APT groups operate in Southeast Asia |
Details | Website | 2024-07-17 | 9 | Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution |
Details | Website | 2024-07-15 | 42 | CVE-2024-38112: Void Banshee Targets Windows Users Through Zombie Internet Explorer in Zero-Day Attacks |
Details | Website | 2024-07-12 | 0 | RAT Catchers - What are We Up Against? - Packt SecPro |
Details | Website | 2024-07-01 | 62 | Kimsuky deploys TRANSLATEXT to target South Korean academia |
Details | Website | 2024-06-27 | 0 | Recovering from a MITRE hangover |
Details | Website | 2024-06-25 | 47 | How to detect the modular RAT CSHARP-STREAMER |
Details | Website | 2024-06-19 | 172 | Behind the Great Wall: Void Arachne Targets Chinese-Speaking Users With the Winos 4.0 C&C Framework |