PUA - Mouse Lock Execution

Kaspersky's 2020 Incident Response Analyst Report lists the legitimate tool "Mouse Lock" as being used for both credential access and collection in security incidents.

Sigma rule

title: PUA - Mouse Lock Execution
id: c9192ad9-75e5-43eb-8647-82a0a5b493e3
status: test
description: In Kaspersky's 2020 Incident Response Analyst Report they listed legitimate tool "Mouse Lock" as being used for both credential access and collection in security incidents.
references:
    - https://github.com/klsecservices/Publications/blob/657deb6a6eb6e00669afd40173f425fb49682eaa/Incident-Response-Analyst-Report-2020.pdf
    - https://sourceforge.net/projects/mouselock/
author: Cian Heasley
date: 2020/08/13
modified: 2023/02/21
tags:
    - attack.credential_access
    - attack.collection
    - attack.t1056.002
logsource:
    product: windows
    category: process_creation
detection:
    selection:
        - Product|contains: 'Mouse Lock'
        - Company|contains: 'Misc314'
        - CommandLine|contains: 'Mouse Lock_'
    condition: selection
fields:
    - Product
    - Company
    - CommandLine
falsepositives:
    - Legitimate uses of Mouse Lock software
level: medium
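
The selection in this rule is a list of three single-field maps, which Sigma evaluates as a logical OR with case-insensitive substring matching. The following Python sketch is an added example, not code from the Sigma project or the rule author; it applies those semantics to constructed process-creation events, and the helper names, file paths and event values are assumptions made for illustration.

```python
# Added example: minimal evaluator for the selection in the rule above.
# Sigma semantics used: a list of maps is OR, keys within one map are AND,
# and plain string matching (including |contains) is case-insensitive.

SELECTION = [
    {"Product|contains": "Mouse Lock"},
    {"Company|contains": "Misc314"},
    {"CommandLine|contains": "Mouse Lock_"},
]

def field_matches(event, key, pattern):
    """Evaluate one 'Field|modifier: value' item against an event dict."""
    field, _, modifier = key.partition("|")
    value = event.get(field)
    if value is None:          # a field the log source did not record never matches
        return False
    if modifier != "contains":
        raise ValueError(f"unsupported modifier: {modifier!r}")
    return pattern.lower() in str(value).lower()

def matched_items(event, selection=SELECTION):
    """Return the keys of every selection map that the event satisfies."""
    hits = []
    for item in selection:
        if all(field_matches(event, k, v) for k, v in item.items()):
            hits.extend(item)
    return hits

def rule_fires(event):
    return bool(matched_items(event))   # condition: selection

# Constructed process_creation events (hypothetical values, not real telemetry).
EVENTS = [
    # Renamed binary: PE metadata still identifies the product and company.
    {"Image": r"C:\Tools\ml.exe", "Product": "Mouse Lock",
     "Company": "Misc314", "CommandLine": "ml.exe"},
    # Empty metadata: only the command-line substring matches.
    {"Image": r"C:\Temp\a.exe", "Product": "", "Company": "",
     "CommandLine": r'"C:\Temp\MOUSE LOCK_x.exe"'},
    # Unrelated process.
    {"Image": r"C:\Windows\System32\notepad.exe", "Company": "Microsoft Corporation",
     "Product": "Microsoft Windows Operating System", "CommandLine": "notepad.exe"},
    # Log source without Product/Company fields and a renamed binary.
    {"Image": r"C:\Temp\b.exe", "CommandLine": "b.exe"},
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(rule_fires(ev), matched_items(ev), ev["Image"])
```

The last event shows the coverage gap: when the log source does not populate Product or Company and the file has been renamed, none of the three items can match.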
