ID | E1113 |
Objective(s) | Collection, Credential Access |
Related ATT&CK Techniques | Screen Capture (T1113) |
Version | 2.0 |
Created | 1 August 2019 |
Last Modified | 21 November 2022 |
Malware takes screen captures of the desktop.
See ATT&CK: Screen Capture (T1113).
Name | ID | Description |
---|---|---|
WinAPI | E1113.m01 | Screen is captured using WinAPI functions (e.g., user32.GetDesktopWindow). |
Name | Date | Method | Description |
---|---|---|---|
GoBotKR | 2019 | -- | GoBotKR is capable of capturing screenshots. [1] |
BlackEnergy | 2007 | -- | Screenshot plugin allows for collection of screenshots. [2] |
DarkComet | 2008 | -- | Can take screenshots of the victim's computer. [3] |
CHOPSTICK | 2015 | -- | CHOPSTICK takes snapshots of desktop and window contents. [4] |
[1] https://www.welivesecurity.com/2019/07/08/south-korean-users-backdoor-torrents/
[2] https://securelist.com/be2-custom-plugins-router-abuse-and-target-profiles/67353/
[3] https://blog.malwarebytes.com/threat-analysis/2012/06/you-dirty-rat-part-1-darkcomet/
[4] https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-apt28.pdf