Adversaries may attempt to get a listing of open application windows. Window listings could convey information about how the system is used or give context to information collected by a keylogger.(Citation: Prevailion DarkWatchman 2021)
View in MITRE ATT&CK®Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
---|---|---|---|---|
action.hacking.variety.XPath injection | XPath injection. Child of 'Exploit vuln'. | related-to | T1010 | Application Window Discovery |
action.malware.variety.Capture stored data | Capture data stored on system disk | related-to | T1010 | Application Window Discovery |