diff --git a/rules/windows/image_load/image_load_side_load_libvlc.yml b/rules/windows/image_load/image_load_side_load_libvlc.yml
new file mode 100644
index 000000000..2180775aa
--- /dev/null
+++ b/rules/windows/image_load/image_load_side_load_libvlc.yml
@@ -0,0 +1,29 @@
+title: Potential Libvlc.DLL Sideloading
+id: bf9808c4-d24f-44a2-8398-b65227d406b6
+status: experimental
+description: Detects potential DLL sideloading of "libvlc.dll" a DLL used often by "VLC.exe"
+references:
+ - https://www.trendmicro.com/en_us/research/23/c/earth-preta-updated-stealthy-strategies.html
+ - https://hijacklibs.net/entries/3rd_party/vlc/libvlc.html
+author: X__Junior
+date: 2023/04/17
+tags:
+ - attack.defense_evasion
+ - attack.persistence
+ - attack.privilege_escalation
+ - attack.t1574.001
+ - attack.t1574.002
+logsource:
+ category: image_load
+ product: windows
+detection:
+ selection:
+ ImageLoaded|endswith: '\libvlc.dll'
+ filter_main_vlc:
+ ImageLoaded|startswith:
+ - 'C:\Program Files (x86)\VideoLAN\VLC\'
+ - 'C:\Program Files\VideoLAN\VLC\'
+ condition: selection and not 1 of filter_main_*
+falsepositives:
+ - Some false positives is expected if VLC is installed in non-default locations
+level: medium
\ No newline at end of file
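Review bot: The `filter_main_vlc` allowlist is anchored to the two `C:\Program Files...\VideoLAN\VLC\` prefixes, which is the right choice because those directories are normally writable only by administrators, but it also means a VLC installed on another drive or run as a portable build will alert, as the falsepositives entry already admits; consider recording that rationale in a comment above the filter so a later maintainer does not loosen it to a `contains: '\VideoLAN\VLC\'` match that a user-writable directory could satisfy. Two wording fixes in the same hunk: the description reads better as `description: Detects potential DLL sideloading of "libvlc.dll", a DLL often used by "VLC.exe"`, and the falsepositives entry should be `- Some false positives are expected if VLC is installed in non-default locations`. The file is also committed without a trailing newline, which the diff flags; add one.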