Ĭannon can take a screenshot of the desktop. Ĭadelspy has the ability to capture screenshots and webcam photos. īRONZE BUTLER has used a tool to capture screenshots. īLUELIGHT has captured a screenshot of the display every 30 seconds for the first 5 minutes after initiating a C2 loop, and then once every five minutes thereafter. īlackEnergy is capable of taking screenshots. īISCUIT has a command to periodically take screenshots of the system. īandook is capable of taking an image of and uploading the current desktop. īADNEWS has a command to take a screenshot and send it to the C2 server. Īzorult can capture screenshots of the victim’s machines. Īttor's has a plugin that captures screenshots of the target applications. Īria-body has the ability to capture screenshots on compromised hosts. ĪPT39 has used a screen capture utility to take screenshots on a compromised host. ĪPT28 has used tools to take screenshots from victims. ĪppleSeed can take screenshots on a compromised host by calling a series of APIs.
Agent Tesla can capture screenshots of the victim’s desktop.
