Potential Raspberry Robin Aclui Dll SideLoading

Rule Info

Name
Potential Raspberry Robin Aclui Dll SideLoading
Author
Swachchhanda Shrawan Poudel
Description
Detects potential sideloading of malicious "aclui.dll" by OleView. This behavior was observed in Raspberry-Robin variants reported by Check Point Research in February 2024.
Date
2024-07-31 00:00:00
Modified
None
Id
0f3a9db2-c17a-480e-a723-d1f1c547ab6a
Tags
detection.emerging-threats attack.defense-evasion attack.privilege-escalation attack.t1574.001 attack.t1574.002 DEMO
Type
Community Rule

Rule History

| Author | Title | Date | Commit |
| --- | --- | --- | --- |
| Nasreddine Bencherchali | Merge PR #4950 from @nasbench - Comply With v2 Spec Changes | 2024-08-12 | |
| Swachchhanda Shrawan Poudel | Merge PR #4763 from @swachchhanda000 - New rules related to Raspberry Robin TTPs | 2024-08-01 | |