T1113: T1113

Search IOCs, vulnerabilities, APT…

216.73.216.226

← Back to attack patterns

View on MITRE ATT&CK The MITRE Corporation · Published 31/05/2017 23:31 · Modified 27/03/2026 01:07

Essential information

MITRE technique ID: T1113
Confidence: 100/100
Revoked: No
Published: 31/05/2017 23:31
Modified: 27/03/2026 01:07
Author / Source: The MITRE Corporation

Aliases

Screen Capture

Platforms

windows macos linux

Description

Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen`, `xwd`, or `screencapture`.(Citation: CopyFromScreen .NET)(Citation: Antiquated Mac Malware)

Kill chain phases

Kill chain	Phase
mitre-attack	collection

Marking (TLP)

External references

Antiquated Mac Malware
CopyFromScreen .NET
mitre-attack (T1113)

Related entities

Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.

Intrusion sets (APT) (61)

APT-C-36 (Blind Eagle) related

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
APT-C-55 (Kimsuky) related

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
APT-C-56 related

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
APT28 related IRON TWILIGHTSNAKEMACKEREL

The MITRE Corporation Confidence 100

[APT28](https://attack.mitre.org/groups/G0007) is a threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) military unit 26165.(Citation: NSA/FBI Drovorub…

First seen 01/01/1970 · Last seen 16/11/5138 ·
APT39 related ITG07Chafer

The MITRE Corporation Confidence 100

[APT39](https://attack.mitre.org/groups/G0087) is one of several names for cyber espionage activity conducted by the Iranian Ministry of Intelligence and Security (MOIS) through the front company Rana Intelligence Computing since…

First seen 01/01/1970 · Last seen 16/11/5138 ·
APT42 related

The MITRE Corporation Confidence 100

[APT42](https://attack.mitre.org/groups/G1044) is an Iranian-sponsored threat group that conducts cyber espionage and surveillance.(Citation: Mandiant APT42-charms) The group primarily focuses on targets in the Middle East region, but has targeted…

First seen 01/01/1970 · Last seen 16/11/5138 ·
BRONZE BUTLER related REDBALDKNIGHTTick

The MITRE Corporation Confidence 100

[BRONZE BUTLER](https://attack.mitre.org/groups/G0060) is a cyber espionage group with likely Chinese origins that has been active since at least 2008. The group primarily targets Japanese organizations, particularly those in…

First seen 01/01/1970 · Last seen 16/11/5138 ·
Bitter APT Group related

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Blackwood related

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
BrazenBamboo related

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
CL-STA-1009 related

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
CL-STA-1062 related

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·

← Previous

Page / 6

25–36 of 61

SgnitLoader uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
DeepData uses

Family
TrojanSpy uses

Family
VBS uses
graphlink uses

Family
STIFF#BIZON uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
FoggyWeb - S0661 uses

Family
ShinyPDF uses

Family
RecordBreaker uses

Family
XploitSpy uses

Family
AshTag uses

Family
Lyceum uses

← Previous

Page / 7

13–24 of 80

Operation DragonReturn: China-Nexus Cyber Espionage Campaign Targeting Govt. … related

AlienVault Confidence 100 26 MITREs 1 Malware 29 IOCs 12 Observables 1 APT
STOCKSTAY Another Day: The Latest Addition to Turla’s … related

AlienVault Confidence 100 2 CVEs 19 MITREs 8 Malwares 57 IOCs 6 Observables 1 APT
CL-STA-1062 Targets Southeast Asian Governments and Critical Infrastructure related

AlienVault Confidence 100 19 MITREs 3 Malwares 6 IOCs 1 APT
New Backdoor May be Linked to Ransomware Access … related

AlienVault Confidence 100 20 MITREs 6 Malwares 37 IOCs 28 Observables 1 APT
StealC and Amadey: Breaking down infostealers and the … related

AlienVault Confidence 100 25 MITREs 6 Malwares 39 IOCs 24 Observables
Ukraine's UAV Supply Chain Targeted With Besomar-Themed Malware … related

AlienVault Confidence 100 20 MITREs 1 Malware 3 IOCs 1 APT
A Multi-Stage Steganographic Loader Campaign Deploying Diverse Payloads … related

AlienVault Confidence 100 18 MITREs 10 Malwares 1 IOC
Operation Poisson – Analyzing a Cybercriminal’s Entire Operation related

AlienVault Confidence 100 20 MITREs 2 Malwares 13 IOCs 6 Observables 1 APT
May 2026 Infostealer Trend Report related

AlienVault Confidence 100 20 MITREs 6 Malwares 8 IOCs 5 Observables
Crypto Clipper uses Tor and worm-like propagation for … related

AlienVault Confidence 100 9 MITREs 2 Malwares 26 IOCs 10 Observables
ClickFix Campaign Generated Via AI Delivers SmartRAT related

AlienVault Confidence 100 20 MITREs 4 Malwares 9 IOCs 9 Observables
Analysis of APT37 NarwhalRAT Leveraging MS-Themed Phishing and … related

AlienVault Confidence 100 19 MITREs 2 Malwares 12 IOCs 12 Observables 1 APT

← Previous

Page / 5

1–12 of 50

Vulnerabilities (CVE) (71)

CVE-2019-18935 KEV targets

Progress Telerik UI for ASP.NET AJAX contains a deserialization of untrusted data vulnerability through RadAsyncUpload which leads to code execution on the …

Published: 03/11/2021
Modified: 20/12/2025

CVE-2022-43704

targets

CVE-2024-40711 KEV targets

9.8 Critical

Veeam Backup and Replication contains a deserialization vulnerability allowing an unauthenticated user to perform remote code execution.

Attack vector: Network
Published: 17/10/2024
Modified: 21/12/2025

Awaiting Analysis

CVE-2024-3400 KEV targets

10.0 Critical

Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges …

Attack vector: Network
Published: 12/04/2024
Modified: 21/12/2025

CVE-2025-14174 targets

8.8 High

Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out …

Published: 12/12/2025
Modified: 15/12/2025

Analyzed

CVE-2017-5030 KEV targets

8.8 High

Google Chromium V8 Engine contains a memory corruption vulnerability that allows a remote attacker to execute code via a crafted HTML page. …

Attack vector: NETWORK
Complexity: LOW
Published: 25/04/2017
Modified: 22/04/2026

CWE-125

CVE-2025-43520 targets

7.1 High

A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, …

Published: 12/12/2025
Modified: 16/12/2025

Analyzed

CVE-2024-7344 targets

8.2 High

Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path.

Attack vector: LOCAL
Published: 14/01/2025
Modified: 21/12/2025

Analyzed

CVE-2025-29824 KEV targets

7.8 High

Microsoft Windows Common Log File System (CLFS) Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.

Attack vector: Local
Published: 08/04/2025
Modified: 21/12/2025

Undergoing Analysis

CVE-2017-11882 KEV targets

7.8 High

Microsoft Office contains a memory corruption vulnerability that allows remote code execution in the context of the current user.

Attack vector: Local
Complexity: Low
Published: 15/11/2017
Modified: 29/05/2026

CWE-119

CVE-2022-41352 KEV targets

9.8 Critical

Synacor Zimbra Collaboration Suite (ZCS) allows an attacker to upload arbitrary files using cpio package to gain incorrect access to any other …

Attack vector: Network
Published: 20/10/2022
Modified: 20/12/2025

CVE-2025-20362 KEV targets

6.5 Medium

A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense …

Attack vector: Network
Published: 25/09/2025
Modified: 21/12/2025

Analyzed

← Previous

Page / 6

1–12 of 71

Quick Assist uses

The MITRE Corporation Confidence 100

[Quick Assist](https://attack.mitre.org/software/S1209) is a remote assistance tool primarily for Microsoft Windows, although a macOS version also exists. [Quick Assist](https://attack.mitre.org/software/S1209) allows for remote screen sharing and, with end user…

Contact About Legal notice Privacy policy Terms of use

T1113: T1113

Essential information

Aliases

Platforms

Description

Kill chain phases

Marking (TLP)

External references

Related entities

Intrusion sets (APT) (61)

Malware (80)

Reports (50)

Vulnerabilities (CVE) (71)

Tool (1)