EXPLORE

← Back to Explore

T1123

Audio Capture

An adversary can leverage a computer's peripheral devices (e.g., microphones and webcams) or applications (e.g., voice and video call services) to capture audio recordings for the purpose of listening into sensitive conversations to gather information.(Citation: ESET Attor Oct 2019) Malware or scripts may be used to interact with the devices through an available API provided by the operating system or an application to capture audio. Audio files may be written to disk and exfiltrated later.

LinuxmacOSWindows

11

Detections

3

Sources

1

Threat Actors

BY SOURCE

6sigma3splunk_escu2elastic

PROCEDURES (6)

General Monitoring4 detections

Auto-extracted: 4 detections for general monitoring

Remote3 detections

Auto-extracted: 3 detections for remote

Powershell1 detections

Auto-extracted: 1 detections for powershell

Process Creation Monitoring1 detections

Auto-extracted: 1 detections for process creation monitoring

Powershell1 detections

Auto-extracted: 1 detections for powershell

Registry Monitoring1 detections

Auto-extracted: 1 detections for registry monitoring

THREAT ACTORS (1)

DETECTIONS (11)

Audio Capture via PowerShell

Audio Capture via SoundRecorder

Linux Audio Recording Activity Detected

OpenCanary - SIP Request

PowerShell Suspicious Script with Audio Capture Capabilities

Processes Accessing the Microphone and Webcam

Suspicious Camera and Microphone Access

Zoom Rare Audio Devices

Zoom Rare Input Devices

Zoom Rare Video Devices