Potential Iviewers.DLL Sideloading
Detects potential DLL sideloading of "iviewers.dll" (OLE/COM Object Interface Viewer)
Sigma rule (View on GitHub)
1title: Potential Iviewers.DLL Sideloading
2id: 4c21b805-4dd7-469f-b47d-7383a8fcb437
3status: test
4description: Detects potential DLL sideloading of "iviewers.dll" (OLE/COM Object Interface Viewer)
5references:
6 - https://www.secureworks.com/research/shadowpad-malware-analysis
7author: X__Junior (Nextron Systems)
8date: 2023/03/21
9tags:
10 - attack.defense_evasion
11 - attack.privilege_escalation
12 - attack.t1574.001
13 - attack.t1574.002
14logsource:
15 category: image_load
16 product: windows
17detection:
18 selection:
19 ImageLoaded|endswith: '\iviewers.dll'
20 filter:
21 ImageLoaded|startswith:
22 - 'C:\Program Files (x86)\Windows Kits\'
23 - 'C:\Program Files\Windows Kits\'
24 condition: selection and not filter
25falsepositives:
26 - Unknown
27level: high
References
-
In this threat analysis, ShadowPad samples reveals clusters of activity linked to threat groups affiliated with the Chinese Ministry of State Security (MSS) civilian intelligence agency and the People's Liberation Army (PLA).
Read More
Related rules
- Microsoft Office DLL Sideload
- Potential Antivirus Software DLL Sideloading
- Potential Rcdll.DLL Sideloading
- Creation Of Non-Existent System DLL
- Potential DLL Sideloading Of Non-Existent DLLs From System Folders