Techniques
Sample rules
PUA - Mouse Lock Execution
- source: sigma
- technicques:
- t1056
- t1056.002
Description
In Kaspersky’s 2020 Incident Response Analyst Report they listed legitimate tool “Mouse Lock” as being used for both credential access and collection in security incidents.
Detection logic
condition: selection
selection:
- Product|contains: Mouse Lock
- Company|contains: Misc314
- CommandLine|contains: Mouse Lock_