Trusted Design

T1115 - Clipboard Data

概要

Adversaries may collect data stored in the clipboard from users copying information within or between applications.

For example, on Windows adversaries can access clipboard data by using clip.exe or Get-Clipboard.(Citation: MSDN Clipboard)(Citation: clip_win_server)(Citation: CISA_AA21_200B) Additionally, adversaries may monitor then replace users’ clipboard with their data (e.g., Transmitted Data Manipulation).(Citation: mining_ruby_reversinglabs)

macOS and Linux also have commands, such as pbpaste, to grab clipboard contents.(Citation: Operating with EmPyre)

この攻撃手法を利用する脅威アクター

• Transparent Tribe
• LuminousMoth
• Dragonfly
• CURIUM
• APT32
• FIN7
• Threat Group-3390
• Mustard Tempest

関連する CVE

• CVE-2014-6332
• CVE-2012-0158
• CVE-2015-2502
• CVE-2012-1889
• CVE-2015-2852
• CVE-2012-4969
• CVE-2012-4792
• CVE-2013-2551
• CVE-2015-0071
• CVE-2014-3897
• CVE-2012-0611
• CVE-2015-2419
• CVE-2016-0189

攻撃手法 – 脅威アクター Graph

---

← Technique一覧に戻る ← Tactics一覧に戻る