Merge pull request #1079 from zeze-zeze/zeze/feat/DirectInput

zeze-zeze · web-flow · commit 14dcc55c3209 · 2025-10-28T14:12:07.000+01:00
feat: log keystrokes via direct input
diff --git a/collection/keylog/log-keystrokes-via-direct-input.yml b/collection/keylog/log-keystrokes-via-direct-input.yml
@@ -0,0 +1,19 @@
+rule:
+  meta:
+    name: log keystrokes via direct input
+    namespace: collection/keylog
+    authors:
+      - zeze-zeze
+    scopes:
+      static: function
+      dynamic: call
+    att&ck:
+      - Collection::Input Capture::Keylogging [T1056.001]
+    examples:
+      - 0db010298586f17ee7e46f390d5724be.exe_
+  features:
+    - or:
+      - api: dinput8.DirectInput8Create
+      - api: dinput.DirectInputCreateEx
+      - api: dinput.DirectInputCreateW
+      - api: dinput.DirectInputCreateA
