Techniques
Sample rules
Audio Capture via SoundRecorder
- source: sigma
- techniques:
  - t1123
Description
Detects an attacker collecting audio via the SoundRecorder application.
Detection logic
condition: selection
selection:
  CommandLine|contains: /FILE
  Image|endswith: \SoundRecorder.exe
Audio Capture via PowerShell
- source: sigma
- techniques:
  - t1123
Description
Detects audio capture via PowerShell Cmdlet.
Detection logic
condition: selection
selection:
  CommandLine|contains:
    - WindowsAudioDevice-Powershell-Cmdlet
    - Toggle-AudioDevice
    - 'Get-AudioDevice '
    - 'Set-AudioDevice '
    - 'Write-AudioDevice '
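Added example (not part of the original rules or the Sigma project): a small evaluator that applies the two selections above to process-creation events, so the rules can be regression-tested before deployment. The events, file paths and helper names are constructed for illustration; matching is case-insensitive, fields within a selection are ANDed, and list values under one field are ORed, as in Sigma.

```python
# Minimal evaluator for the two Sigma selections on this page (added example).
# All events below are constructed sample data, not real telemetry.
RULES = {
    "Audio Capture via SoundRecorder": {
        "CommandLine|contains": ["/FILE"],
        "Image|endswith": ["\\SoundRecorder.exe"],
    },
    "Audio Capture via PowerShell": {
        "CommandLine|contains": [
            "WindowsAudioDevice-Powershell-Cmdlet",
            "Toggle-AudioDevice",
            "Get-AudioDevice ",
            "Set-AudioDevice ",
            "Write-AudioDevice ",
        ],
    },
}

MODIFIERS = {
    "contains": lambda value, pattern: pattern in value,
    "endswith": lambda value, pattern: value.endswith(pattern),
}

def selection_matches(selection, event):
    """Every field must match (AND); any listed value may match (OR)."""
    for key, patterns in selection.items():
        field, _, modifier = key.partition("|")
        value = str(event.get(field, "")).lower()  # case-insensitive compare
        test = MODIFIERS[modifier]
        if not any(test(value, p.lower()) for p in patterns):
            return False
    return True

def matching_rules(event):
    """Return the names of all rules whose selection matches the event."""
    return [name for name, sel in RULES.items() if selection_matches(sel, event)]

PS = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
REC = "C:\\Windows\\System32\\SoundRecorder.exe"
SAMPLE_EVENTS = [  # constructed process-creation events
    {"Image": REC, "CommandLine": "SoundRecorder.exe /file C:\\temp\\sample.wav"},
    {"Image": PS, "CommandLine": "powershell.exe -c Get-AudioDevice -List"},
    {"Image": REC, "CommandLine": "SoundRecorder.exe"},  # no /FILE: AND fails
    {"Image": PS, "CommandLine": "powershell.exe -c Get-Process"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(matching_rules(ev) or "no match", "<-", ev["CommandLine"])
```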