Rule Library

Sigma Rules

6 rules found for "Wietze Beukema (project and research)"

3,707 Total
3,116 Detection
451 Emerging
137 Hunting
Detection · medium · test

Potential Antivirus Software DLL Sideloading

Detects potential DLL sideloading of DLLs that are part of antivirus software such as McAfee, Symantec, etc.

Windows · Image Load (DLL)
TA0005 · Defense Evasion, TA0003 · Persistence, TA0004 · Privilege Escalation, T1574.001 · DLL Search Order Hijacking
Nasreddine Bencherchali (Nextron Systems) +1 · Wed Aug 17 · windows
Detection · medium · test

Potential Chrome Frame Helper DLL Sideloading

Detects potential DLL sideloading of "chrome_frame_helper.dll"

Windows · Image Load (DLL)
TA0005 · Defense Evasion, TA0003 · Persistence, TA0004 · Privilege Escalation, T1574.001 · DLL Search Order Hijacking
Nasreddine Bencherchali (Nextron Systems) +1 · Wed Aug 17 · windows
Detection · medium · test

Potential DLL Sideloading Of DBGCORE.DLL

Detects DLL sideloading of "dbgcore.dll"

Windows · Image Load (DLL)
TA0005 · Defense Evasion, TA0003 · Persistence, TA0004 · Privilege Escalation, T1574.001 · DLL Search Order Hijacking
Nasreddine Bencherchali (Nextron Systems) +1 · Tue Oct 25 · windows
Detection · medium · test

Potential DLL Sideloading Of DBGHELP.DLL

Detects potential DLL sideloading of "dbghelp.dll"

Windows · Image Load (DLL)
TA0005 · Defense Evasion, TA0003 · Persistence, TA0004 · Privilege Escalation, T1574.001 · DLL Search Order Hijacking
Nasreddine Bencherchali (Nextron Systems) +1 · Tue Oct 25 · windows
Detection · high · test

Microsoft Office DLL Sideload

Detects DLL sideloading of DLLs that are part of Microsoft Office from a non-standard location

Windows · Image Load (DLL)
TA0005 · Defense Evasion, TA0003 · Persistence, TA0004 · Privilege Escalation, T1574.001 · DLL Search Order Hijacking
Nasreddine Bencherchali (Nextron Systems) +1 · Wed Aug 17 · windows
Detection · medium · test

Third Party Software DLL Sideloading

Detects DLL sideloading of DLLs that are part of third-party software (Zoom, Discord, etc.)

Windows · Image Load (DLL)
TA0005 · Defense Evasion, TA0003 · Persistence, TA0004 · Privilege Escalation, T1574.001 · DLL Search Order Hijacking
Nasreddine Bencherchali (Nextron Systems) +1 · Wed Aug 17 · windows