Screen Capture with Import Tool (dbe4b9c5-c254-4258-9688-d6af0b7967fd)
Detects adversary creating screen capture of a desktop with Import Tool. Highly recommended using rule on servers, due to high usage of screenshot utilities on user workstations. ImageMagick must be installed.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Screen Capture with Import Tool (dbe4b9c5-c254-4258-9688-d6af0b7967fd) | Sigma-Rules | Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) | Attack Pattern | 1 |