PUA - Mouse Lock Execution

 1title: PUA - Mouse Lock Execution
 2id: c9192ad9-75e5-43eb-8647-82a0a5b493e3
 3status: test
 4description: In Kaspersky's 2020 Incident Response Analyst Report they listed legitimate tool "Mouse Lock" as being used for both credential access and collection in security incidents.
 5references:
 6    - https://github.com/klsecservices/Publications/blob/657deb6a6eb6e00669afd40173f425fb49682eaa/Incident-Response-Analyst-Report-2020.pdf
 7    - https://sourceforge.net/projects/mouselock/
 8author: Cian Heasley
 9date: 2020-08-13
10modified: 2023-02-21
11tags:
12    - attack.credential-access
13    - attack.collection
14    - attack.t1056.002
15logsource:
16    product: windows
17    category: process_creation
18detection:
19    selection:
20        - Product|contains: 'Mouse Lock'
21        - Company|contains: 'Misc314'
22        - CommandLine|contains: 'Mouse Lock_'
23    condition: selection
24falsepositives:
25    - Legitimate uses of Mouse Lock software
26level: medium

References

• Publications/Incident-Response-Analyst-Report-2020.pdf at 657deb6a6eb6e00669afd40173f425fb49682eaa · klsecservices/Publications

  

  Contribute to klsecservices/Publications development by creating an account on GitHub.

  
  Read More

• Mouse Lock

  

  Download Mouse Lock for free. Locks your computer and see if anyone was trying to guess the password. Feel like locking your mouse when you are away? Well...

  
  Read More

Related rules

• Cisco BGP Authentication Failures
• Cisco LDP Authentication Failures
• Huawei BGP Authentication Failures
• Juniper BGP Missing MD5
• Potential Kerberos Coercion by Spoofing SPNs via DNS Manipulation