{"description": "Enterprise techniques used by Cadelspy, ATT&CK software S0454 (v1.0)", "name": "Cadelspy (S0454)", "domain": "enterprise-attack", "versions": {"layer": "4.5", "attack": "17", "navigator": "5.1.0"}, "techniques": [{"techniqueID": "T1010", "comment": "[Cadelspy](https://attack.mitre.org/software/S0454) has the ability to identify open windows on the compromised host.(Citation: Symantec Chafer Dec 2015)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1560", "comment": "[Cadelspy](https://attack.mitre.org/software/S0454) has the ability to compress stolen data into a .cab file.(Citation: Symantec Chafer Dec 2015)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1123", "comment": "[Cadelspy](https://attack.mitre.org/software/S0454) has the ability to record audio from the compromised host.(Citation: Symantec Chafer Dec 2015)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1115", "comment": "[Cadelspy](https://attack.mitre.org/software/S0454) has the ability to steal data from the clipboard.(Citation: Symantec Chafer Dec 2015)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1056", "showSubtechniques": true}, {"techniqueID": "T1056.001", "comment": "[Cadelspy](https://attack.mitre.org/software/S0454) has the ability to log keystrokes on the compromised host.(Citation: Symantec Chafer Dec 2015)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1120", "comment": "[Cadelspy](https://attack.mitre.org/software/S0454) has the ability to steal information about printers and the documents sent to printers.(Citation: Symantec Chafer Dec 2015)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1113", "comment": "[Cadelspy](https://attack.mitre.org/software/S0454) has the ability to capture screenshots and webcam photos.(Citation: Symantec Chafer Dec 2015)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1082", "comment": "[Cadelspy](https://attack.mitre.org/software/S0454) has the ability to discover information about the compromised host.(Citation: Symantec Chafer Dec 2015)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}], "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "used by Cadelspy", "color": "#66b1ff"}]}