capture microphone audio

edit on GitHub
search on VirusTotal

rule:
  meta:
    name: capture microphone audio
    namespace: collection/microphone
    authors:
      - "@_re_fox"
    scopes:
      static: function
      dynamic: thread
    att&ck:
      - Collection::Audio Capture [T1123]
    examples:
      - a70052c45e907820187c7e6bcdc7ecca:0x405B40
  features:
    - or:
      - and:
        - api: mciSendString
        - string: /^open/i
        - string: /waveaudio/i
        - string: /^record/i
      - api: winmm.waveInOpen
      - api: winmm.waveInAddBuffer
      - api: winmm.waveInStart

last edited: 2023-11-24 10:34:28