- KeyBoy has a command to perform screen grabbing.
- Kazuar captures screenshots of the victim’s screen.
- Kasidet has the ability to initiate keylogging and screen captures.
- JRAT has the capability to take screenshots of the victim’s machine.
- A JHUHUGIT variant takes screenshots by simulating the user pressing the "Take Screenshot" key (VK_SCREENSHOT), accessing the screenshot saved in the clipboard, and converting it to a JPG image.
- Janicab captured screenshots and sent them out to a C2 server.
- InvisiMole can capture screenshots of not only the entire screen, but of each separate window open, in case they are overlapping.
- HyperBro has the ability to take screenshots.
- Hydraq includes a component based on the code of VNC that can stream a live feed of the desktop of an infected host.
- HotCroissant has the ability to do real-time screen viewing on an infected host.
- HALFBAKED can obtain screenshots from the victim.
- Malware used by Group5 is capable of watching the victim's screen.
- GRIFFON has used a screenshot module that can be used to take a screenshot of the remote system.
- GOLD SOUTHFIELD has used the remote monitoring and management tool ConnectWise to obtain screen captures from victims' machines.
- Gh0st RAT can capture the victim’s screen remotely.
- Gamaredon Group's malware can take screenshots of the compromised computer every minute.
- The FunnyDream ScreenCap component can take screenshots on a compromised host.
- FruitFly takes screenshots of the user's desktop.
- Flame can take regular screenshots when certain applications are open; the screenshots are sent to the command and control server.
- FinFisher takes a screenshot of the screen and displays it on top of all other windows for a few seconds in an apparent attempt to hide some messages shown by the system during the setup process.
- FIN7 captured screenshots and desktop video recordings.
- EvilGrab has the capability to capture screenshots.
- Empire is capable of capturing screenshots on Windows and macOS systems.
- ECCENTRICBANDWAGON can capture screenshots and store them locally.
- DustySky captures PNG screenshots of the main screen.
- Dragonfly has performed screen captures of victims, including by using a tool, scr.exe (which matched the hash of ScreenUtil).
- DOGCALL is capable of capturing screenshots of the victim's machine.
- Derusbi is capable of performing screen captures.
- Dark Caracal took screenshots using their Windows malware.
- CrossRAT is capable of taking screen captures.
- Crimson contains a command to perform screen captures.
- CosmicDuke takes periodic screenshots and exfiltrates them.
- ConnectWise can take screenshots on remote hosts.
- Cobian RAT has a feature to perform screen capture.
- Cobalt Strike's Beacon payload is capable of capturing screenshots.
- Clambling has the ability to capture screenshots.
- Chrommme has the ability to capture screenshots.
- CHOPSTICK has the capability to capture screenshots.
- CharmPower has the ability to capture screenshots.
- Chaes can capture screenshots of the infected machine.
- Catchamas captures screenshots based on specific keywords in the window’s title.
- Carberp can capture display screenshots with the screens_dll.dll plugin.
- Carbanak performs desktop video recording and captures screenshots of the desktop and sends them to the C2 server.
- Cannon can take a screenshot of the desktop.
- Cadelspy has the ability to capture screenshots and webcam photos.
- Brute Ratel C4 can take screenshots on compromised hosts.
- BRONZE BUTLER has used a tool to capture screenshots.
- BLUELIGHT has captured a screenshot of the display every 30 seconds for the first 5 minutes after initiating a C2 loop, and then once every five minutes thereafter.
- BlackEnergy is capable of taking screenshots.
- BISCUIT has a command to periodically take screenshots of the system.
- Bandook is capable of taking an image of and uploading the current desktop.
- BADNEWS has a command to take a screenshot and send it to the C2 server.
- Azorult can capture screenshots of the victim’s machines.
- Attor has a plugin that captures screenshots of the target applications.
- Aria-body has the ability to capture screenshots on compromised hosts.
- APT39 has used a screen capture utility to take screenshots on a compromised host.
- APT28 has used tools to take screenshots from victims.
- AppleSeed can take screenshots on a compromised host by calling a series of APIs.
- Agent Tesla can capture screenshots of the victim’s desktop.