T1113: T1113
Essential information
- MITRE technique ID
T1113- Confidence
- 100/100
- Revoked
- No
- Published
- 31/05/2017 23:31
- Modified
- 27/03/2026 01:07
- Author / Source
- The MITRE Corporation
Aliases
Screen Capture
Platforms
windows macos linux
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | collection |
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (61)
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
SideCopy usesThe MITRE Corporation Confidence 100
[SideCopy](https://attack.mitre.org/groups/G1008) is a Pakistani threat group that has primarily targeted South Asian countries, including Indian and Afghani government personnel, since at least 2019. [SideCopy](https://attack.mitre.org/groups/G1008)'s name comes from its…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[Andariel](https://attack.mitre.org/groups/G0138) is a North Korean state-sponsored threat group that has been active since at least 2009. [Andariel](https://attack.mitre.org/groups/G0138) has primarily focused its operations--which have included destructive attacks--against South Korean…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Team46 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Pensive Ursa usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
FakeTicketer usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Batavia usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Void Blizzard usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
zEus usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
APT-C-60 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Banshee usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (81)
-
NikiHTTP usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
HappyDoor usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Neptune RAT usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
TeamViewer usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
SQLmaggie usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
PteroX usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
PteroSteal usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Red Line Stealer usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Quasar RAT usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Water-Saci usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
redux-ace usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
MarkiRAT - S0652 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Reports (50)
-
21 MITREs 2 Malwares 9 Observables 1 APT
-
AlienVault Confidence 100 18 MITREs 3 Malwares 23 IOCs 23 Observables 1 APT
-
AlienVault Confidence 100 25 MITREs 1 Malware 6 IOCs 6 Observables
-
20 MITREs 2 Malwares 10 Observables 1 APT
-
19 MITREs 4 Malwares 46 Observables 1 APT
-
GachiLoader adopts AI skill lure related19 MITREs 2 Malwares 9 Observables
-
2 CVEs 19 MITREs 2 Malwares 4 Observables
-
The AI Frame Campaign Continues related20 MITREs 1 Observable
-
20 MITREs 4 Malwares 7 Observables 1 APT
-
2 CVEs 16 MITREs 1 Malware 6 Observables
-
17 MITREs 3 Malwares 1 Observable
-
AlienVault Confidence 100 20 MITREs 40 IOCs 40 Observables
Vulnerabilities (CVE) (71)
RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code …
- Published
- 20/12/2025
- Modified
- 21/12/2025
Oracle Corporation WebLogic Server contains a vulnerability that allows for remote code execution.
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 19/10/2017
- Modified
- 22/04/2026
The Red Hat polkit pkexec utility contains an out-of-bounds read and write vulnerability that allows for privilege escalation with administrative rights.
- Published
- 27/06/2022
- Modified
- 20/12/2025
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to execute code inside a sandbox via a …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 27/10/2017
- Modified
- 22/04/2026
Microsoft Windows Print Spooler service contains a privilege escalation vulnerability. An attacker may modify a JavaScript constraints file and execute it with …
- Attack vector
- Local
- Published
- 23/04/2024
- Modified
- 21/12/2025
Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to bypass Windows Defender SmartScreen checks and their …
- Attack vector
- Network
- Published
- 14/11/2023
- Modified
- 21/12/2025
Microsoft's Netlogon Remote Protocol (MS-NRPC) contains a privilege escalation vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a …
- Attack vector
- Local
- Published
- 03/11/2021
- Modified
- 27/05/2026
Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to perform read/write operations, leading to code …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 19/01/2017
- Modified
- 22/04/2026
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through …
- Attack vector
- Network
- Published
- 12/08/2025
- Modified
- 27/05/2026
A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k EoP.
- Published
- 10/01/2022
- Modified
- 20/12/2025
Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for remote code execution.
- Published
- 03/11/2021
- Modified
- 21/12/2025
7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction …
- Attack vector
- Local
- Published
- 06/02/2025
- Modified
- 21/12/2025