Potential Wazuh Security Platform DLL Sideloading

Rule Info

Name
Potential Wazuh Security Platform DLL Sideloading
Author
X__Junior (Nextron Systems)
Description
Detects potential DLL side loading of DLLs that are part of the Wazuh security platform
Reference
https://www.trendmicro.com/en_us/research/23/c/iron-tiger-sysupdate-adds-linux-targeting.html
Date
2023-03-13 00:00:00
Modified
2023-05-12 00:00:00
Id
db77ce78-7e28-4188-9337-cf30e2b3ba9f
Tags
attack.defense_evasion attack.persistence attack.privilege_escalation attack.t1574.001 attack.t1574.002 DEMO
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=db77ce78-7e28-4188-9337-cf30e2b3ba9f

Rule History

Author
Title
Date
Commit
github-actions[bot]
Merge PR #4791 from @nasbench - Promote older rules status from `experimental` to `test`
2024-04-01
a8e1ecd65
Nasreddine Bencherchali
feat: new rules, updates and goofy guineapig stuff (#4229)
2023-05-15
0cb01970e
Nasreddine Bencherchali
chore: author update
2023-04-12
bb7aabb4b
Nasreddine Bencherchali
feat: new rules, updates and fp fixes (#4136)
2023-04-03
3d9372bef
Nasreddine Bencherchali
chore: increase level of some sideloading rules
2023-03-15
83bcab5fd
Mohamed Ashraf
Update rules/windows/image_load/image_load_side_load_wazuh.yml
2023-03-14
7d3b540de
Nasreddine Bencherchali
fix: improve metadata
2023-03-13
77a825bee
Nasreddine Bencherchali
fix: fp
2023-03-13
072dc5e98
Mohamed Ashraf (X__Junior)
new rules related to possible dll sideloading
2023-03-13
1a4ad4c67
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022