APT29
|
Step
|
ATT&CK Pattern
|
Detection Type |
Detection Note |
|
7.A.1
|
|
|
Telemetry showed powershell.exe executing CopyFromScreen from System.Drawing.dll.
[1]
|
|
An MSSP detection for "Collection - Screen Capture" occurred showing evidence of a PowerShell script attempting to take screenshots.
[1]
|
|
Captured and saved screenshots using PowerShell
powershell.exe executing the CopyFromScreen function from System.Drawing.dll
[1]
Captured and saved screenshots using PowerShell
powershell.exe executing the CopyFromScreen function from System.Drawing.dll
[1]