Potential Python DLL SideLoading

Rule Info

Name
Potential Python DLL SideLoading
Author
Swachchhanda Shrawan Poudel
Description
Detects potential DLL sideloading of Python DLL files.
Reference
https://www.securonix.com/blog/seolurker-attack-campaign-uses-seo-poisoning-fake-google-ads-to-install-malware/
Date
2024-10-06 00:00:00
Modified
2025-08-18 00:00:00
Id
d36f7c12-14a3-4d48-b6b8-774b9c66f44d
Tags
attack.privilege-escalation attack.persistence attack.defense-evasion attack.t1574.001
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=d36f7c12-14a3-4d48-b6b8-774b9c66f44d

Rule History

Author
Title
Date
Commit
phantinuss
chore: ci: bump validator version (#5722)
2025-10-23
c8075cab6
Swachchhanda Shrawan Poudel
Merge PR #5599 from @swachchhanda000 - fix FPs around pyinstaller
2025-10-01
9ef186d3d
github-actions[bot]
Merge PR #5637 from @nasbench - Promote older rules status from `experimental` to `test`
2025-09-22
8062eadcc
frack113
Merge PR #5418 from @frack113 - chore: 🧹 Update MITRE V17 DLL tags
2025-05-15
83b9ff50b
Swachchhanda Shrawan Poudel
Merge PR #5031 from @swachchhanda000 - Add `Potential Python DLL SideLoading`
2024-10-07
d1f1fc716
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022