PUA - Mouse Lock Execution · Feb 21, 2023 · attack.credential_access attack.collection attack.t1056.002
Kaspersky's 2020 Incident Response Analyst Report listed the legitimate tool "Mouse Lock" as being used for both credential access and collection in security incidents.
UIPromptForCredentials DLLs · Jan 20, 2023 · attack.credential_access attack.collection attack.t1056.002
Detects potential use of UIPromptForCredentials functions by looking for some of the DLLs needed for it.
GUI Input Capture - macOS · Dec 27, 2022 · attack.credential_access attack.t1056.002
Detects attempts to use system dialog prompts to capture user credentials.