T1113: T1113
Essential information
- MITRE technique ID
T1113- Confidence
- 100/100
- Revoked
- No
- Published
- 31/05/2017 23:31
- Modified
- 27/03/2026 01:07
- Author / Source
- The MITRE Corporation
Aliases
Screen Capture
Platforms
windows macos linux
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | collection |
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (61)
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
SideCopy usesThe MITRE Corporation Confidence 100
[SideCopy](https://attack.mitre.org/groups/G1008) is a Pakistani threat group that has primarily targeted South Asian countries, including Indian and Afghani government personnel, since at least 2019. [SideCopy](https://attack.mitre.org/groups/G1008)'s name comes from its…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[Andariel](https://attack.mitre.org/groups/G0138) is a North Korean state-sponsored threat group that has been active since at least 2009. [Andariel](https://attack.mitre.org/groups/G0138) has primarily focused its operations--which have included destructive attacks--against South Korean…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Team46 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Pensive Ursa usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
FakeTicketer usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Batavia usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Void Blizzard usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
zEus usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
APT-C-60 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Banshee usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (81)
-
XMRig usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
PteroPSLoad usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
XcLoader usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Remus usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Xehook usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
HelloDoor usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
DownExPyer usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Woody RAT usesFamily The MITRE Corporation Confidence 100
[Woody RAT](https://attack.mitre.org/software/S1065) is a remote access trojan (RAT) that has been used since at least August 2021 against Russian organizations.(Citation: MalwareBytes WoodyRAT Aug 2022)
First seen 01/01/1970 · Last seen 16/11/5138 · -
PteroPowder usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
TONESHELL usesThe MITRE Corporation Confidence 100
[TONESHELL](https://attack.mitre.org/software/S1239) is a custom backdoor that has been used since at least Q1 2021.(Citation: Palo Alto Unit42 STATELY TAURUS TONESHELL September 2023) [TONESHELL](https://attack.mitre.org/software/S1239) malware has previously been leveraged…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Skitnet usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
NightClub usesFamily The MITRE Corporation Confidence 100
[NightClub](https://attack.mitre.org/software/S1090) is a modular implant written in C++ that has been used by [MoustachedBouncer](https://attack.mitre.org/groups/G1019) since at least 2014.(Citation: MoustachedBouncer ESET August 2023)
First seen 01/01/1970 · Last seen 16/11/5138 ·
Reports (50)
-
21 MITREs 2 Malwares 9 Observables 1 APT
-
AlienVault Confidence 100 18 MITREs 3 Malwares 23 IOCs 23 Observables 1 APT
-
AlienVault Confidence 100 25 MITREs 1 Malware 6 IOCs 6 Observables
-
20 MITREs 2 Malwares 10 Observables 1 APT
-
19 MITREs 4 Malwares 46 Observables 1 APT
-
GachiLoader adopts AI skill lure related19 MITREs 2 Malwares 9 Observables
-
2 CVEs 19 MITREs 2 Malwares 4 Observables
-
The AI Frame Campaign Continues related20 MITREs 1 Observable
-
20 MITREs 4 Malwares 7 Observables 1 APT
-
2 CVEs 16 MITREs 1 Malware 6 Observables
-
17 MITREs 3 Malwares 1 Observable
-
AlienVault Confidence 100 20 MITREs 40 IOCs 40 Observables
Vulnerabilities (CVE) (71)
RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code …
- Published
- 20/12/2025
- Modified
- 21/12/2025
Oracle Corporation WebLogic Server contains a vulnerability that allows for remote code execution.
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 19/10/2017
- Modified
- 22/04/2026
The Red Hat polkit pkexec utility contains an out-of-bounds read and write vulnerability that allows for privilege escalation with administrative rights.
- Published
- 27/06/2022
- Modified
- 20/12/2025
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to execute code inside a sandbox via a …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 27/10/2017
- Modified
- 22/04/2026
Microsoft Windows Print Spooler service contains a privilege escalation vulnerability. An attacker may modify a JavaScript constraints file and execute it with …
- Attack vector
- Local
- Published
- 23/04/2024
- Modified
- 21/12/2025
Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to bypass Windows Defender SmartScreen checks and their …
- Attack vector
- Network
- Published
- 14/11/2023
- Modified
- 21/12/2025
Microsoft's Netlogon Remote Protocol (MS-NRPC) contains a privilege escalation vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a …
- Attack vector
- Local
- Published
- 03/11/2021
- Modified
- 27/05/2026
Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to perform read/write operations, leading to code …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 19/01/2017
- Modified
- 22/04/2026
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through …
- Attack vector
- Network
- Published
- 12/08/2025
- Modified
- 27/05/2026
A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k EoP.
- Published
- 10/01/2022
- Modified
- 20/12/2025
Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for remote code execution.
- Published
- 03/11/2021
- Modified
- 21/12/2025
7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction …
- Attack vector
- Local
- Published
- 06/02/2025
- Modified
- 21/12/2025