TIARAS - T1123: Audio Capture

MITRE ATT&CK Technique

Collection T1123

Description

An adversary can leverage a computer's peripheral devices (e.g., microphones and webcams) or applications (e.g., voice and video call services) to capture audio recordings for the purpose of listening into sensitive conversations to gather information.(Citation: ESET Attor Oct 2019) Malware or scripts may be used to interact with the devices through an available API provided by the operating system or an application to capture audio. Audio files may be written to disk and exfiltrated later.

Supported Platforms

Linux macOS Windows

Created

April 29, 2026

Last Updated

April 29, 2026

STIX Data

{'created': '2017-05-31T21:31:34.528Z',
 'created_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'description': "An adversary can leverage a computer's peripheral devices "
                '(e.g., microphones and webcams) or applications (e.g., voice '
                'and video call services) to capture audio recordings for the '
                'purpose of listening into sensitive conversations to gather '
                'information.(Citation: ESET Attor Oct 2019)\n'
                '\n'
                'Malware or scripts may be used to interact with the devices '
                'through an available API provided by the operating system or '
                'an application to capture audio. Audio files may be written '
                'to disk and exfiltrated later.',
 'external_references': [{'external_id': 'T1123',
                          'source_name': 'mitre-attack',
                          'url': 'https://attack.mitre.org/techniques/T1123'},
                         {'description': 'Hromcova, Z. (2019, October). AT '
                                         'COMMANDS, TOR-BASED COMMUNICATIONS: '
                                         'MEET ATTOR, A FANTASY CREATURE AND '
                                         'ALSO A SPY PLATFORM. Retrieved May '
                                         '6, 2020.',
                          'source_name': 'ESET Attor Oct 2019',
                          'url': 'https://www.welivesecurity.com/wp-content/uploads/2019/10/ESET_Attor.pdf'}],
 'id': 'attack-pattern--1035cdf2-3e5f-446f-a7a7-e8f6d7925967',
 'kill_chain_phases': [{'kill_chain_name': 'mitre-attack',
                        'phase_name': 'collection'}],
 'modified': '2025-10-24T17:48:24.702Z',
 'name': 'Audio Capture',
 'object_marking_refs': ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'],
 'revoked': False,
 'spec_version': '2.1',
 'type': 'attack-pattern',
 'x_mitre_attack_spec_version': '3.2.0',
 'x_mitre_deprecated': False,
 'x_mitre_detection': '',
 'x_mitre_domains': ['enterprise-attack'],
 'x_mitre_is_subtechnique': False,
 'x_mitre_modified_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'x_mitre_platforms': ['Linux', 'macOS', 'Windows'],
 'x_mitre_version': '1.0'}

Quick Actions

Edit TTP Update from Web

Related Threat Actors (1)

APT37
High

Back to TTPs

Dashboard About