Skip to content

Hide Navigation Hide TOC

Suspicious Keyboard Layout Load (34aa0252-6039-40ff-951f-939fd6ce47d8)

Detects the keyboard preload installation with a suspicious keyboard layout, e.g. Chinese, Iranian or Vietnamese layout load in user session on systems maintained by US staff only

Cluster A Galaxy A Cluster B Galaxy B Level
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern Suspicious Keyboard Layout Load (34aa0252-6039-40ff-951f-939fd6ce47d8) Sigma-Rules 1
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern 2