Home >
Enterprise >
Participants >
Microsoft >
Screen Capture (T1113)
|
|
Carbanak+FIN7 |
||||||||
Step | ATT&CK Pattern |
|
||||||
2.B.4
|
Tactic Collection (TA0009) |
|
||||||
9.A.4
|
Tactic Collection (TA0009) |
|
||||||
13.B.4
|
Tactic Collection (TA0009) |
|
||||||
18.A.2
|
Tactic Collection (TA0009) |
|
APT29 |
||||||
Step | ATT&CK Pattern |
|
||||
7.A.1
|
Tactic Collection (TA0009) |
|
APT3 |
||||
Step | ATT&CK Pattern |
|
||
8.D.1.1
|
Tactic Discovery (TA0007) |
|
Procedure
Cobalt Strike: Built-in screen capture capability executed to capture screenshot of current window of user Debbie
Footnotes
- The vendor stated that screen capture telemetry is captured but it was not immediately visible in the portal. The vendor made changes to the portal during the test to enable by default the visibility of these events, so this detection is identified as a configuration change.

