Adversaries may attempt to get a listing of open application windows. Window listings could convey information about how the system is used or give context to information collected by a keylogger.
View in MITRE ATT&CK®| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| action.hacking.variety.XPath injection | XPath injection. Child of 'Exploit vuln'. | related-to | T1010 | Application Window Discovery |
| action.malware.variety.Capture stored data | Capture data stored on system disk | related-to | T1010 | Application Window Discovery |