PUA - Mouse Lock Execution

 1title: PUA - Mouse Lock Execution
 2id: c9192ad9-75e5-43eb-8647-82a0a5b493e3
 3status: test
 4description: In Kaspersky's 2020 Incident Response Analyst Report they listed legitimate tool "Mouse Lock" as being used for both credential access and collection in security incidents.
 5references:
 6    - https://github.com/klsecservices/Publications/blob/657deb6a6eb6e00669afd40173f425fb49682eaa/Incident-Response-Analyst-Report-2020.pdf
 7    - https://sourceforge.net/projects/mouselock/
 8author: Cian Heasley
 9date: 2020-08-13
10modified: 2023-02-21
11tags:
12    - attack.credential-access
13    - attack.collection
14    - attack.t1056.002
15logsource:
16    product: windows
17    category: process_creation
18detection:
19    selection:
20        - Product|contains: 'Mouse Lock'
21        - Company|contains: 'Misc314'
22        - CommandLine|contains: 'Mouse Lock_'
23    condition: selection
24fields:
25    - Product
26    - Company
27    - CommandLine
28falsepositives:
29    - Legitimate uses of Mouse Lock software
30level: medium

References

• Publications/Incident-Response-Analyst-Report-2020.pdf at 657deb6a6eb6e00669afd40173f425fb49682eaa · klsecservices/Publications

  

  Contribute to klsecservices/Publications development by creating an account on GitHub.

  
  Read More

• Mouse Lock

  

  Download Mouse Lock for free. Locks your computer and see if anyone was trying to guess the password. Feel like locking your mouse when you are away? Well...

  
  Read More

Related rules

• CredUI.DLL Loaded By Uncommon Process
• Automated Collection Command Prompt
• Cisco BGP Authentication Failures
• Cisco Collect Data
• Cisco LDP Authentication Failures