T1113: T1113
Essential information
- MITRE technique ID
- T1113
- Confidence
- 100/100
- Revoked
- No
- Published
- 31/05/2017 23:31
- Modified
- 27/03/2026 01:07
- Author / Source
- The MITRE Corporation
Aliases
Screen Capture
Platforms
windows macos linux
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | collection |
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (61)
- APT-C-36 (Blind Eagle) · related · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- APT-C-55 (Kimsuky) · related · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- APT-C-56 · related · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- The MITRE Corporation · Confidence 100
  [APT28](https://attack.mitre.org/groups/G0007) is a threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) military unit 26165.(Citation: NSA/FBI Drovorub…
  First seen 01/01/1970 · Last seen 16/11/5138
- The MITRE Corporation · Confidence 100
  [APT39](https://attack.mitre.org/groups/G0087) is one of several names for cyber espionage activity conducted by the Iranian Ministry of Intelligence and Security (MOIS) through the front company Rana Intelligence Computing since…
  First seen 01/01/1970 · Last seen 16/11/5138
- APT42 · related · The MITRE Corporation · Confidence 100
  [APT42](https://attack.mitre.org/groups/G1044) is an Iranian-sponsored threat group that conducts cyber espionage and surveillance.(Citation: Mandiant APT42-charms) The group primarily focuses on targets in the Middle East region, but has targeted…
  First seen 01/01/1970 · Last seen 16/11/5138
- The MITRE Corporation · Confidence 100
  [BRONZE BUTLER](https://attack.mitre.org/groups/G0060) is a cyber espionage group with likely Chinese origins that has been active since at least 2008. The group primarily targets Japanese organizations, particularly those in…
  First seen 01/01/1970 · Last seen 16/11/5138
- Bitter APT Group · related · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- Blackwood · related · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- BrazenBamboo · related · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- CL-STA-1009 · related · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- CL-STA-1062 · related · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
Malware (80)
- XMRig · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- PteroPSLoad · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- XcLoader · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- Remus · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- Xehook · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- HelloDoor · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- DownExPyer · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- Woody RAT · uses · Family · The MITRE Corporation · Confidence 100
  [Woody RAT](https://attack.mitre.org/software/S1065) is a remote access trojan (RAT) that has been used since at least August 2021 against Russian organizations.(Citation: MalwareBytes WoodyRAT Aug 2022)
  First seen 01/01/1970 · Last seen 16/11/5138
- PteroPowder · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- TONESHELL · uses · The MITRE Corporation · Confidence 100
  [TONESHELL](https://attack.mitre.org/software/S1239) is a custom backdoor that has been used since at least Q1 2021.(Citation: Palo Alto Unit42 STATELY TAURUS TONESHELL September 2023) [TONESHELL](https://attack.mitre.org/software/S1239) malware has previously been leveraged…
  First seen 01/01/1970 · Last seen 16/11/5138
- Skitnet · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- NightClub · uses · Family · The MITRE Corporation · Confidence 100
  [NightClub](https://attack.mitre.org/software/S1090) is a modular implant written in C++ that has been used by [MoustachedBouncer](https://attack.mitre.org/groups/G1019) since at least 2014.(Citation: MoustachedBouncer ESET August 2023)
  First seen 01/01/1970 · Last seen 16/11/5138
Reports (50)
- 24 MITREs · 1 Malware · 2 Observables
- 12 MITREs · 1 Malware · 1 Observable
Vulnerabilities (CVE) (71)
Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that …
- Attack vector
- Local
- EPSS
- 0.0001 (P0.6%)
- Published
- 12/02/2026
- Modified
- 18/03/2026
Google Chromium contains a race condition vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. …
- Published
- 03/11/2021
- Modified
- 21/12/2025
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. …
- Attack vector
- NETWORK
- Published
- 02/04/2021
- Modified
- 21/12/2025
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 15/12/2025
- Modified
- 04/04/2026
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted …
- Published
- 03/11/2021
- Modified
- 21/12/2025
Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass in limited scenarios. This issue affects MOVEit Transfer: from …
- Attack vector
- NETWORK
- Published
- 25/06/2024
- Modified
- 21/12/2025
Google Chromium V8 Engine contains an out-of-bounds read vulnerability that allows a remote attacker to cause a denial of service or possibly …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 29/03/2016
- Modified
- 22/04/2026
The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office allows remote attackers to execute arbitrary code via a …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 15/08/2012
- Modified
- 27/04/2026
A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged license response signature to …
- Attack vector
- Network
- Published
- 29/09/2025
- Modified
- 29/05/2026
RARLAB WinRAR contains an unspecified vulnerability that allows an attacker to execute code when a user attempts to view a benign file …
- Attack vector
- Local
- Published
- 24/08/2023
- Modified
- 27/05/2026
Microsoft Office allows remote attackers to execute arbitrary code via a crafted Office document.
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 10/06/2015
- Modified
- 27/04/2026
Fortinet FortiOS and FortiProxy SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute code or …
- Attack vector
- Network
- Published
- 13/06/2023
- Modified
- 21/12/2025
Tool (1)
- Quick Assist · uses · The MITRE Corporation · Confidence 100
  [Quick Assist](https://attack.mitre.org/software/S1209) is a remote assistance tool primarily for Microsoft Windows, although a macOS version also exists. [Quick Assist](https://attack.mitre.org/software/S1209) allows for remote screen sharing and, with end user…