T1115

Clipboard Data

Collection

Description

Adversaries may collect data stored in the clipboard from users copying information within or between applications.For example, on Windows adversaries can access clipboard data by using <code>clip.exe</code> or <code>Get-Clipboard</code>.(Citation: MSDN Clipboard)(Citation: clip_win_server)(Citation: CISA_AA21_200B) Additionally, adversaries may monitor then replace users’ clipboard with their data (e.g., [Transmitted Data Manipulation](https://attack.mitre.org/techniques/T1565/002)).(Citation: mining_ruby_reversinglabs)macOS and Linux also have commands, such as <code>pbpaste</code>, to grab clipboard contents.(Citation: Operating with EmPyre)

Platforms

LinuxmacOSWindows

Look up any technique

Use our free MITRE ATT&CK lookup tool, or browse the full ATT&CK matrix.

Our coverage

DEEP#DOOR Python Backdoor Detection: YARA Rules, Network IOCs, and Credential Theft Defences

Source: MITRE ATT&CK Enterprise matrix. View on attack.mitre.org →