Potential SmadHook.DLL Sideloading

Rule Info

Name
Potential SmadHook.DLL Sideloading
Author
X__Junior (Nextron Systems)
Description
Detects potential DLL sideloading of "SmadHook.dll", a DLL used by SmadAV antivirus
Reference
https://research.checkpoint.com/2023/malware-spotlight-camaro-dragons-tinynote-backdoor/
Date
2023-06-01 00:00:00
Modified
None
Id
24b6cf51-6122-469e-861a-22974e9c1e5b
Tags
attack.defense_evasion attack.privilege_escalation attack.t1574.001 attack.t1574.002 DEMO
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=24b6cf51-6122-469e-861a-22974e9c1e5b

Rule History

Author
Title
Date
Commit
github-actions[bot]
Merge PR #4791 from @nasbench - Promote older rules status from `experimental` to `test`
2024-04-01
a8e1ecd65
Mohamed Ashraf
feat: add new rule for "SmadHook.dll" potential sideloading (#4282)
2023-06-02
9b2c23c4b
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022