Clipboard Data (T1115)

Tactic: Collection · Platforms: Linux, macOS, Windows

The interactive view maps 1 detection strategy, 4 threat groups, 41 software entries, 1 campaign to this technique, alongside D3FEND countermeasures and data-component coverage.

Overview

Adversaries may collect data stored in the clipboard from users copying information within or between applications.

For example, on Windows adversaries can access clipboard data by using clip.exe or Get-Clipboard. Additionally, adversaries may monitor then replace users’ clipboard with their data (e.g., Transmitted Data Manipulation).

macOS and Linux also have commands, such as pbpaste, to grab clipboard contents.

Explore