Home >
Enterprise >
Participants >
FireEye >
Screen Capture (T1113)
|
|
Carbanak+FIN7 |
||||||||
Step | ATT&CK Pattern |
|
||||||
2.B.4
|
Tactic Collection (TA0009) |
|
||||||
9.A.4
|
Tactic Collection (TA0009) |
|
||||||
13.B.4
|
Tactic Collection (TA0009) |
|
||||||
18.A.2
|
Tactic Collection (TA0009) |
|
APT29 |
||||||||
Step | ATT&CK Pattern |
|
||||||
7.A.1
|
Tactic Collection (TA0009) |
|
Procedure
Captured and saved screenshots using PowerShell
Criteria
powershell.exe executing the CopyFromScreen function from System.Drawing.dll
Footnotes
- The logic for this detection was enabled after the start of the evaluation so the detection is identified as a Detection Configuration Change.


APT3 |
||||
Step | ATT&CK Pattern |
|
||
8.D.1.1
|
Tactic Discovery (TA0007) |
|