Windows Screen Capture with CopyFromScreen (d4a11f63-2390-411c-9adf-d791fd152830)
Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Windows Screen Capture with CopyFromScreen (d4a11f63-2390-411c-9adf-d791fd152830) | Sigma-Rules | Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) | Attack Pattern | 1 |