Screen Capture (T1113)
Tactic: Collection · Platforms: Linux, macOS, Windows
The interactive view maps 1 detection strategy, 19 threat groups, 151 software entries, 1 campaign to this technique, alongside D3FEND countermeasures and data-component coverage.
Overview
Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as CopyFromScreen, xwd, or screencapture.