title: Pandemic Registry Key
id: 9fefd33c-339d-4495-9cba-b96ca006f512
related:
    - id: 47e0852a-cf81-4494-a8e6-31864f8c86ed
      type: derived
status: experimental
description: Detects Pandemic Windows Implant
references:
    - https://wikileaks.org/vault7/#Pandemic
    - https://twitter.com/MalwareJake/status/870349480356454401
tags:
    - attack.lateral_movement
    - attack.t1105
author: Florian Roth
date: 2017/06/01
modified: 2021/09/12
logsource:
    category: process_creation
    product: windows
detection:
    selection:
        CommandLine|contains: 'loaddll -a '
    condition: selection
falsepositives:
    - Unknown
level: critical
fields:
    - EventID
    - CommandLine
    - ParentCommandLine
    - Image
    - User
    - TargetObject