security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
063bb57dfdabbefb7c84166b7a35dfdabd2b8c90
blue-team-tools/rules/windows/image_load/image_load_side_load_iviewers.yml
T
Nasreddine Bencherchali bb7aabb4b4 chore: author update
2023-04-12 16:11:58 +02:00

28 lines
808 B
YAML
Raw Blame History

title: Potential Iviewers.DLL Sideloading
id: 4c21b805-4dd7-469f-b47d-7383a8fcb437
status: experimental
description: Detects potential DLL sideloading of "iviewers.dll" (OLE/COM Object Interface Viewer)
references:
- https://www.secureworks.com/research/shadowpad-malware-analysis
author: X__Junior (Nextron Systems)
date: 2023/03/21
tags:
- attack.defense_evasion
- attack.privilege_escalation
- attack.t1574.001
- attack.t1574.002
logsource:
category: image_load
product: windows
detection:
selection:
ImageLoaded|endswith: '\iviewers.dll'
filter:
ImageLoaded|startswith:
- 'C:\Program Files (x86)\Windows Kits\'
- 'C:\Program Files\Windows Kits\'
condition: selection and not filter
falsepositives:
- Unknown
level: high
Reference in New Issue View Git Blame Copy Permalink