Techniques
Sample rules
Potential ShellDispatch.DLL Sideloading
- source: sigma
- techniques:
  - t1574
  - t1574.001
  - t1574.002
Description
Detects potential DLL sideloading of “ShellDispatch.dll”
Detection logic
condition: selection and not 1 of filter_main_*
filter_main_legit_path:
  - ImageLoaded|contains|all:
      - :\Users\
      - \AppData\Local\Temp\
  - ImageLoaded|contains: :\Windows\Temp\
selection:
  ImageLoaded|endswith: \ShellDispatch.dll
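Worked example (added here, not part of the Sigma rule or its project): a small Python evaluator for the condition above, run over constructed image-load events to show which loads the rule flags and which the temp-path filter suppresses. The event shape (an ImageLoaded field, as in Sysmon Event ID 7), the function names and every sample path are assumptions made for illustration.

```python
# Added example: evaluates the rule's condition against constructed events.
# Sigma string modifiers match case-insensitively by default, so paths are
# lowercased before comparison.

SIDELOAD_NAME = "\\shelldispatch.dll"

# filter_main_legit_path is a list of maps, so its entries are OR-ed together.
TEMP_FILTERS = [
    [":\\users\\", "\\appdata\\local\\temp\\"],  # contains|all: every substring
    [":\\windows\\temp\\"],                      # contains: single substring
]


def selection(image_loaded: str) -> bool:
    """ImageLoaded|endswith: \\ShellDispatch.dll"""
    return image_loaded.lower().endswith(SIDELOAD_NAME)


def filter_main_legit_path(image_loaded: str) -> bool:
    """True when the load comes from one of the filtered temp locations."""
    path = image_loaded.lower()
    return any(all(s in path for s in group) for group in TEMP_FILTERS)


def rule_matches(event: dict) -> bool:
    """condition: selection and not 1 of filter_main_*"""
    image_loaded = event.get("ImageLoaded", "")
    return selection(image_loaded) and not filter_main_legit_path(image_loaded)


def alerts(events: list) -> list:
    """Return the ImageLoaded value of every event the rule would flag."""
    return [e["ImageLoaded"] for e in events if rule_matches(e)]


# Constructed image-load events; the paths are invented, not real telemetry.
SAMPLE_EVENTS = [
    {"ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\is-AB12C.tmp\ShellDispatch.dll"},
    {"ImageLoaded": r"C:\Windows\Temp\ShellDispatch.dll"},
    {"ImageLoaded": r"C:\ProgramData\Updater\ShellDispatch.dll"},
    {"ImageLoaded": r"C:\Users\alice\Downloads\tool\SHELLDISPATCH.DLL"},
    {"ImageLoaded": r"C:\Users\alice\Documents\MyShellDispatch.dll"},
    {"ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\other.dll"},
]

if __name__ == "__main__":
    for path in alerts(SAMPLE_EVENTS):
        print("ALERT:", path)
```

The fourth event is flagged because contains|all requires both substrings, and a path under \Users\ alone does not satisfy the filter. The fifth is not selected at all because the endswith value includes the leading backslash.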