Potential WWlib.DLL Sideloading

Rule Info

Name
Potential WWlib.DLL Sideloading
Author
X__Junior (Nextron Systems)
Description
Detects potential DLL sideloading of "wwlib.dll"
Reference
https://twitter.com/WhichbufferArda/status/1658829954182774784
Date
2023-05-18 00:00:00
Modified
None
Id
e2e01011-5910-4267-9c3b-4149ed5479cf
Tags
attack.defense_evasion attack.privilege_escalation attack.t1574.001 attack.t1574.002 DEMO
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=e2e01011-5910-4267-9c3b-4149ed5479cf

Rule History

Author
Title
Date
Commit
github-actions[bot]
Merge PR #4791 from @nasbench - Promote older rules status from `experimental` to `test`
2024-04-01
a8e1ecd65
Nasreddine Bencherchali
Merge PR #4482 From @nasbench - Add New Automation Workflows
2023-10-18
95793d73b
Nasreddine Bencherchali
chore: update metadata and filter
2023-05-18
0ca45bf32
Mohamed Ashraf (X__Junior)
Create image_load_side_load_wwlib.yml
2023-05-18
1ea6e7390
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022