T1115 - Clipboard Data

Description from ATT&CK

Adversaries may collect data stored in the Windows clipboard from users copying information within or between applications.
Windows

Applications can access clipboard data by using the Windows API. (Citation: MSDN Clipboard)

Mac

OSX provides a native command, pbpaste, to grab clipboard contents (Citation: Operating with EmPyre).

Atomic Tests

Atomic Test #1 - Utilize Clipboard to store or execute commands from
Atomic Test #2 - PowerShell

Atomic Test #1 - Utilize Clipboard to store or execute commands from

Add data to clipboard to copy off or execute commands from.

Supported Platforms: Windows

Run it with `command_prompt`!

dir | clip
clip < readme.txt

Atomic Test #2 - PowerShell

Utilize PowerShell to echo a command to clipboard and execute it

Supported Platforms: Windows

Run it with `powershell`!

echo Get-Process | clip
Get-Clipboard | iex

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

T1115.md

T1115.md

T1115 - Clipboard Data

Description from ATT&CK

Windows

Mac

Atomic Tests

Atomic Test #1 - Utilize Clipboard to store or execute commands from

Run it with `command_prompt`!

Atomic Test #2 - PowerShell

Run it with `powershell`!

Files

T1115.md

Latest commit

History

T1115.md

File metadata and controls

T1115 - Clipboard Data

Description from ATT&CK

Windows

Mac

Atomic Tests

Atomic Test #1 - Utilize Clipboard to store or execute commands from

Run it with command_prompt!

Atomic Test #2 - PowerShell

Run it with powershell!

Run it with `command_prompt`!

Run it with `powershell`!