Common Information
Type | Value
---|---
Value | Screen Capture - T1113
Category | Attack-Pattern
Type | Mitre-Enterprise-Attack-Attack-Pattern
Misp Type | Cluster
Description | Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. **Mac:** On OSX, the native command `screencapture` is used to capture screenshots. **Linux:** On Linux, there is the native command `xwd`. (Citation: Antiquated Mac Malware) **Detection:** Monitoring for screen capture behavior will depend on the method used to obtain data from the operating system and write output files. Detection methods could include collecting information from unusual processes using API calls used to obtain image data, and monitoring for image files written to disk. The sensor data may need to be correlated with other events to identify malicious activity, depending on the legitimacy of this behavior within a given network environment. **Platforms:** Linux, macOS, Windows. **Data Sources:** API monitoring, Process monitoring, File monitoring
Details | Published | Attributes | CTI | Title
---|---|---|---|---
Details | Website | 2023-02-06 | 94 | Collect, Exfiltrate, Sleep, Repeat - The DFIR Report
Details | Website | 2023-02-03 | 14 | TgToxic Malware's Automated Framework Targets Southeast Asia Android Users
Details | Website | 2023-02-03 | 20 | TgToxic Malware's Automated Framework Targets Southeast Asia Android Users
Details | Website | 2023-01-27 | 380 | Threat Round up for January 20 to January 27
Details | Website | 2023-01-26 | 49 | The Godfather Banking Trojan Expands Application Targeting to Affect More Europe-Based Victims
Details | Website | 2023-01-16 | 0 | The Most Popular Methods By Which Ransomware Is Delivered And Deployed
Details | Website | 2023-01-13 | 425 | Threat Round up for January 6 to January 13
Details | Website | 2023-01-06 | 29 | Distribution of NetSupport RAT Malware Disguised as a Pokemon Game - ASEC BLOG
Details | Website | 2023-01-02 | 47 | Dark Web Profile: MuddyWater APT Group - SOCRadar
Details | Website | 2023-01-01 | 123 | The Mac Malware of 2022 👾
Details | Website | 2022-12-22 | 175 | New RisePro Stealer distributed by the prominent PrivateLoader
Details | Website | 2022-12-16 | 70 | SiestaGraph: New implant uncovered in ASEAN member foreign ministry — Elastic Security Labs
Details | Website | 2022-12-12 | 69 | Dark Web Profile: APT42 - Iranian Cyber Espionage Group - SOCRadar
Details | Website | 2022-12-08 | 93 | DeathStalker targets legal entities with new Janicab variant
Details | Website | 2022-11-30 | 149 | 奇安信威胁情报中心
Details | Website | 2022-11-30 | 34 | Redline Stealer being Distributed via Fake Express VPN Sites
Details | Website | 2022-11-21 | 117 | Aurora: a rising stealer flying under the radar
Details | Website | 2022-10-30 | 2 | Drinik Malware With Advanced Capabilities Targeting 18 Indian Banks - GBHackers On Security
Details | Website | 2022-10-20 | 68 | Infostealer Distributed Using Bundled Installer
Details | Website | 2022-10-18 | 45 | Anomali Cyber Watch: Ransom Cartel Uses DPAPI Dumping, Unknown China-Sponsored Group Targeted Telecommunications, Alchimist C2 Framework Targets Multiple Operating Systems, and More
Details | Website | 2022-10-11 | 97 | POLONIUM targets Israel with Creepy malware \| WeLiveSecurity
Details | Website | 2022-10-09 | 1 | Le tour des actus cybersécurité \| 9 oct 2022 - Le décodeur de cybersécurité
Details | Website | 2022-10-06 | 15 | Evolution of BazarCall Social Engineering Tactics