

Dragonfly 2.0 has performed screen captures of victims, including by using a tool, scr.exe (which matched the hash of ScreenUtil).

DOGCALL is capable of capturing screenshots of the victim's machine.

Derusbi is capable of performing screen captures.

Dark Caracal took screenshots using their Windows malware.

CrossRAT is capable of taking screen captures.

Crimson contains a command to perform screen captures.

CosmicDuke takes periodic screenshots and exfiltrates them.

ConnectWise can take screenshots on remote hosts.

Cobian RAT has a feature to perform screen capture.

Cobalt Strike's Beacon payload is capable of capturing screenshots.

CHOPSTICK has the capability to capture screenshots.

Chaes can capture screenshots of the infected machine.

Catchamas captures screenshots based on specific keywords in the window’s title.

Carberp can capture display screenshots with the screens_dll.dll plugin.

Carbanak performs desktop video recording and captures screenshots of the desktop and sends it to the C2 server.

Cannon can take a screenshot of the desktop.

Cadelspy has the ability to capture screenshots and webcam photos.

BRONZE BUTLER has used a tool to capture screenshots.

BLUELIGHT has captured a screenshot of the display every 30 seconds for the first 5 minutes after initiating a C2 loop, and then once every five minutes thereafter.

BlackEnergy is capable of taking screenshots.

BISCUIT has a command to periodically take screenshots of the system.

Bandook is capable of taking an image of and uploading the current desktop.

BADNEWS has a command to take a screenshot and send it to the C2 server.

Azorult can capture screenshots of the victim’s machines.

Attor has a plugin that captures screenshots of the target applications.

Aria-body has the ability to capture screenshots on compromised hosts.

APT39 has used a screen capture utility to take screenshots on a compromised host.

APT28 has used tools to take screenshots from victims.

AppleSeed can take screenshots on a compromised host by calling a series of APIs.

Agent Tesla can capture screenshots of the victim’s desktop.
