Find sigma rule

Attack: Audio Capture

An adversary can leverage a computer’s peripheral devices (e.g., microphones and webcams) or applications (e.g., voice and video call services) to capture audio recordings for the purpose of listening into sensitive conversations to gather information.(Citation: ESET Attor Oct 2019)

Malware or scripts may be used to interact with the devices through an available API provided by the operating system or an application to capture audio. Audio files may be written to disk and exfiltrated later.

MITRE

Tactic

collection

technique

T1123

Test : using device audio capture commandlet

OS

windows

Description:

AudioDeviceCmdlets

Executor

powershell

Sigma Rule

proc_creation_win_powershell_audio_capture.yml (id: 932fb0d8-692b-4b0f-a26e-5643a50fe7d6)

back

sigma_redcanaryco

Knowing which rule should trigger according to the redcannary test