Katz Stealer DLL Loaded
Detects loading of DLLs associated with Katz Stealer malware 2025 variants. Katz Stealer is an information stealer used to collect sensitive data from compromised systems. The process that loads these DLLs is very likely to be malicious, so the loading process (not only the DLL file) is the pivot for triage.
Sigma rule
title: Katz Stealer DLL Loaded
id: e6c7ab7c-c79d-4b84-b913-b2ec3f8e8a98
status: experimental
description: |
    Detects loading of DLLs associated with Katz Stealer malware 2025 variants.
    Katz Stealer is a malware variant that is known to be used for stealing sensitive information from compromised systems.
    The process that loads these DLLs is very likely to be malicious.
references:
    - Internal Research
author: Swachchhanda Shrawan Poudel (Nextron Systems)
date: 2025-05-22
tags:
    - attack.execution
    - attack.t1129
    - detection.emerging-threats
logsource:
    category: image_load
    product: windows
detection:
    selection:
        ImageLoaded|endswith:
            - '\katz_ontop.dll'
            - '\AppData\Local\Temp\received_dll.dll'
    condition: selection
falsepositives:
    - Unlikely
level: high
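The following is an added example, not code from SigmaHQ or from the rule's author: it applies the rule's ImageLoaded|endswith selection to a handful of constructed Sysmon Event ID 7 (Image loaded) records so the matching behaviour can be checked offline. Field names (Image, ImageLoaded) follow the Sigma image_load taxonomy; the sample events, paths and process names are constructed for illustration.

```python
# Added example (not part of the Sigma rule or SigmaHQ): evaluates the
# rule's ImageLoaded|endswith selection against constructed Sysmon
# Event ID 7 (Image loaded) records.

# Suffixes copied from the rule's selection block.
KATZ_DLL_SUFFIXES = (
    r"\katz_ontop.dll",
    r"\AppData\Local\Temp\received_dll.dll",
)


def matches_katz_stealer_dll(event: dict) -> bool:
    """True when the event's ImageLoaded path ends with one of the rule's suffixes.

    Sigma string matching is case-insensitive by default, so both sides are
    lower-cased before comparison; a missing or non-string field never matches.
    """
    image_loaded = event.get("ImageLoaded")
    if not isinstance(image_loaded, str):
        return False
    path = image_loaded.lower()
    return any(path.endswith(suffix.lower()) for suffix in KATZ_DLL_SUFFIXES)


def triage(events: list) -> list:
    """Return (Image, ImageLoaded) pairs for every matching event.

    The loading process (Image) is the pivot for response, since the rule's
    description treats the loader, not just the DLL file, as malicious.
    """
    return [
        (event.get("Image", "<unknown>"), event["ImageLoaded"])
        for event in events
        if matches_katz_stealer_dll(event)
    ]


# Constructed Sysmon Event ID 7 records (not real telemetry).
SAMPLE_EVENTS = [
    {   # user-writable Temp drop, exact suffix from the rule
        "Image": r"C:\Users\alice\AppData\Local\Temp\update.exe",
        "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\received_dll.dll",
    },
    {   # different directory, mixed case: still matches (case-insensitive)
        "Image": r"C:\ProgramData\svc\host.exe",
        "ImageLoaded": r"C:\ProgramData\svc\Katz_OnTop.DLL",
    },
    {   # benign system DLL load
        "Image": r"C:\Windows\System32\svchost.exe",
        "ImageLoaded": r"C:\Windows\System32\kernel32.dll",
    },
    {   # same file name outside AppData\Local\Temp: the rule's suffix does not cover it
        "Image": r"C:\Tools\runner.exe",
        "ImageLoaded": r"C:\Tools\received_dll.dll",
    },
]


if __name__ == "__main__":
    for image, dll in triage(SAMPLE_EVENTS):
        print(f"ALERT: {image} loaded {dll}")
```

Two points worth checking before relying on the rule: Sysmon does not record image loads unless the ImageLoad event is enabled in its configuration, so an environment with no Event ID 7 telemetry will never fire this rule; and the second indicator is anchored to the AppData\Local\Temp suffix, so the same file name dropped elsewhere (the fourth constructed event) is intentionally outside its scope.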
Related rules
- Potential Exploitation of CVE-2025-4427/4428 Ivanti EPMM Pre-Auth RCE
- Kapeka Backdoor Loaded Via Rundll32.EXE
- Kapeka Backdoor Scheduled Task Creation
- Potential Exploitation of CVE-2024-3094 - Suspicious SSH Child Process
- Suspicious CrushFTP Child Process