T1113: T1113

Search IOCs, vulnerabilities, APT…

216.73.216.226

← Back to attack patterns

View on MITRE ATT&CK The MITRE Corporation · Published 31/05/2017 23:31 · Modified 27/03/2026 01:07

Essential information

MITRE technique ID: T1113
Confidence: 100/100
Revoked: No
Published: 31/05/2017 23:31
Modified: 27/03/2026 01:07
Author / Source: The MITRE Corporation

Aliases

Screen Capture

Platforms

windows macos linux

Description

Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen`, `xwd`, or `screencapture`.(Citation: CopyFromScreen .NET)(Citation: Antiquated Mac Malware)

Kill chain phases

Kill chain	Phase
mitre-attack	collection

Marking (TLP)

External references

Antiquated Mac Malware
CopyFromScreen .NET
mitre-attack (T1113)

Related entities

Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.

Intrusion sets (APT) (61)

ANTONIO EDUARDO FREDERICO uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
SideCopy uses

The MITRE Corporation Confidence 100

[SideCopy](https://attack.mitre.org/groups/G1008) is a Pakistani threat group that has primarily targeted South Asian countries, including Indian and Afghani government personnel, since at least 2019. [SideCopy](https://attack.mitre.org/groups/G1008)'s name comes from its…

First seen 01/01/1970 · Last seen 16/11/5138 ·
Andariel uses Silent ChollimaPLUTONIUM

The MITRE Corporation Confidence 100

[Andariel](https://attack.mitre.org/groups/G0138) is a North Korean state-sponsored threat group that has been active since at least 2009. [Andariel](https://attack.mitre.org/groups/G0138) has primarily focused its operations--which have included destructive attacks--against South Korean…

First seen 01/01/1970 · Last seen 16/11/5138 ·
Team46 uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Pensive Ursa uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
FakeTicketer uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Batavia uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Void Blizzard uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
zEus uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
APT-C-00 (OceanLotus) uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
APT-C-60 uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Banshee uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·

← Previous

Page / 6

1–12 of 61

SgnitLoader uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
DeepData uses

Family
TrojanSpy uses

Family
VBS uses
graphlink uses

Family
STIFF#BIZON uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
FoggyWeb - S0661 uses

Family
ShinyPDF uses

Family
RecordBreaker uses

Family
XploitSpy uses

Family
AshTag uses

Family
Lyceum uses

← Previous

Page / 7

13–24 of 80

Operation DragonReturn: China-Nexus Cyber Espionage Campaign Targeting Govt. … related

AlienVault Confidence 100 26 MITREs 1 Malware 29 IOCs 12 Observables 1 APT
STOCKSTAY Another Day: The Latest Addition to Turla’s … related

AlienVault Confidence 100 2 CVEs 19 MITREs 8 Malwares 57 IOCs 6 Observables 1 APT
CL-STA-1062 Targets Southeast Asian Governments and Critical Infrastructure related

AlienVault Confidence 100 19 MITREs 3 Malwares 6 IOCs 1 APT
New Backdoor May be Linked to Ransomware Access … related

AlienVault Confidence 100 20 MITREs 6 Malwares 37 IOCs 28 Observables 1 APT
StealC and Amadey: Breaking down infostealers and the … related

AlienVault Confidence 100 25 MITREs 6 Malwares 39 IOCs 24 Observables
Ukraine's UAV Supply Chain Targeted With Besomar-Themed Malware … related

AlienVault Confidence 100 20 MITREs 1 Malware 3 IOCs 1 APT
A Multi-Stage Steganographic Loader Campaign Deploying Diverse Payloads … related

AlienVault Confidence 100 18 MITREs 10 Malwares 1 IOC
Operation Poisson – Analyzing a Cybercriminal’s Entire Operation related

AlienVault Confidence 100 20 MITREs 2 Malwares 13 IOCs 6 Observables 1 APT
May 2026 Infostealer Trend Report related

AlienVault Confidence 100 20 MITREs 6 Malwares 8 IOCs 5 Observables
Crypto Clipper uses Tor and worm-like propagation for … related

AlienVault Confidence 100 9 MITREs 2 Malwares 26 IOCs 10 Observables
ClickFix Campaign Generated Via AI Delivers SmartRAT related

AlienVault Confidence 100 20 MITREs 4 Malwares 9 IOCs 9 Observables
Analysis of APT37 NarwhalRAT Leveraging MS-Themed Phishing and … related

AlienVault Confidence 100 19 MITREs 2 Malwares 12 IOCs 12 Observables 1 APT

← Previous

Page / 5

1–12 of 50

Vulnerabilities (CVE) (71)

CVE-2025-43510 targets

7.8 High

A memory corruption issue was addressed with improved lock state checking. This issue is fixed in watchOS 26.1, iOS 18.7.2 and iPadOS …

Published: 12/12/2025
Modified: 18/12/2025

Analyzed

CVE-2018-0802 KEV targets

Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code …

Published: 03/11/2021
Modified: 20/12/2025

CVE-2022-2294 KEV targets

WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows an attacker to perform …

Published: 25/08/2022
Modified: 20/12/2025

CVE-2017-8291 KEV targets

7.8 High

Artifex Ghostscript allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile.

Attack vector: LOCAL
Complexity: LOW
Published: 27/04/2017
Modified: 22/04/2026

CWE-843

CVE-2024-6473 targets

7.8 High

Yandex Browser for Desktop before 24.7.1.380 has a DLL Hijacking Vulnerability because an untrusted search path is used.

Attack vector: LOCAL
Published: 03/09/2024
Modified: 21/12/2025

Analyzed

CVE-2026-1731 KEV targets

9.9 Critical

BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)contain an OS command injection vulnerability. Successful exploitation could allow an unauthenticated remote attacker …

Attack vector: Network
Published: 13/02/2026
Modified: 20/02/2026

Received

CVE-2023-25157

targets

CVE-2025-55182 KEV targets

10.0 Critical

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, …

Attack vector: Network
Published: 05/12/2025
Modified: 29/05/2026

Analyzed

CVE-2025-31277 targets

8.8 High

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, watchOS 11.6, visionOS 2.6, iOS 18.6 and …

Published: 30/07/2025
Modified: 31/07/2025

Analyzed

CVE-2020-1380 KEV targets

7.8 High

Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user.

Attack vector: LOCAL
Published: 03/11/2021
Modified: 26/02/2026

CVE-2018-17463 KEV targets

Google Chromium V8 Engine contains an unspecified vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted …

Published: 08/06/2022
Modified: 21/12/2025

CVE-2025-20265 targets

10.0 Critical

A vulnerability in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to …

Attack vector: Network
Published: 14/08/2025
Modified: 27/05/2026

Awaiting Analysis

← Previous

Page / 6

37–48 of 71

Quick Assist uses

The MITRE Corporation Confidence 100

[Quick Assist](https://attack.mitre.org/software/S1209) is a remote assistance tool primarily for Microsoft Windows, although a macOS version also exists. [Quick Assist](https://attack.mitre.org/software/S1209) allows for remote screen sharing and, with end user…

Contact About Legal notice Privacy policy Terms of use

T1113: T1113

Essential information

Aliases

Platforms

Description

Kill chain phases

Marking (TLP)

External references

Related entities

Intrusion sets (APT) (61)

Malware (80)

Reports (50)

Vulnerabilities (CVE) (71)

Tool (1)