LetsDefend Monitoring Alert

Possible DLL Sideloading Detected

Dec 15, 2023, 11:46 AM

Event ID: 209

Event Time: Dec 15, 2023, 11:46 AM

Rule Name: SOC247 - Possible DLL Sideloading Detected

Alert Type: Malware

MITRE Techniques:
T1204 - Execution - User Execution
T1204.002 - Execution - User Execution: Malicious File
T1566.001 - Initial Access - Phishing: Spearphishing Attachment
T1059.003 - Execution - Command and Scripting Interpreter: Windows Command Shell
T1574.002 - Privilege Escalation - Hijack Execution Flow: DLL Side-Loading
T1036.008 - Defense Evasion - Masquerading: Masquerade File Type
T1071.001 - Command and Control - Application Layer Protocol: Web Protocols

Real World Example: https://unit42.paloaltonetworks.com/brute-ratel-c4-tool/

Severity: Medium


2025 © LetsDefend
