Home >
Enterprise >
Participants >
SentinelOne >
Clipboard Data (T1115)
|
|
See technique results for:
Carbanak+FIN7 |
||
The technique was not in scope. |
APT29 |
||||||
Step | ATT&CK Pattern |
|
||||
7.A.2
|
Tactic Collection (TA0009) |
|
APT3 |
||||
Step | ATT&CK Pattern |
|
||
12.E.1.5
|
Tactic Collection (TA0009) |
|
Procedure
Empire: WinEnum module included enumeration of clipboard contents
Footnotes
- PowerShell telemetry showed execution of an encoded command and the script was decoded to Windows.Clipboard(...) outside of the capability, but this was not counted as a detection because it was external to the capability.