ATT&CK matrix
T1115
Clipboard Data
TA0009Collection
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
For example, on Windows adversaries can access clipboard data by using <code>clip.exe</code> or <code>Get-Clipboard</code>.(Citation: MSDN Clipboard)(Citation: clip_win_server)(Citation: CISA_AA21_200B) Additionally, adversaries may monitor then replace users’ clipboard with their data (e.g., [Transmitted Data Manipulation](https://attack.mitre.org/techniques/T1565/002)).(Citation: mining_ruby_reversinglabs)
macOS and Linux also have commands, such as <code>pbpaste</code>, to grab clipboard contents.(Citation: Operating with EmPyre)
Platforms3
LinuxmacOSWindows
CVEs mapped to this technique
No CVE mappings yet
ATT&CK ↔ CVE mappings come from CTID's open dataset, which currently covers only a fraction of all techniques. Commercial threat-intel feeds would expand this.