Detecting DLL Hijacking With VQL :: Velociraptor - Digging deeper!
Tags
| attack-pattern: | Tool - T1588.002 |
Common Information
| Type | Value |
|---|---|
| UUID | bc4b87f3-be60-4033-b6f0-0d86c4ade7e7 |
| Fingerprint | 3f009b01cd2c5ac2 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Feb. 2, 2021, midnight |
| Added to db | Aug. 31, 2024, 2:11 a.m. |
| Last updated | Nov. 20, 2024, 9:37 a.m. |
| Headline | Detecting DLL Hijacking With VQL |
| Title | Detecting DLL Hijacking With VQL :: Velociraptor - Digging deeper! |
| Detected Hints/Tags/Attributes | 20/1/9 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 104 | ✔ | Velociraptor Blog | https://docs.velociraptor.app/blog/index.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 4141 | github.com |
|
| Details | Domain | 35 | www.velocidex.com |
|
| Details | File | 5 | wkscli.dll |
|
| Details | File | 751 | kernel32.dll |
|
| Details | File | 2 | c:\windows\syswow64\rpcrt4.dll |
|
| Details | Github username | 3 | monoxgas |
|
| Details | Url | 1 | https://github.com/monoxgas/koppeling |
|
| Details | Url | 5 | https://www.velocidex.com/training |
|
| Details | Url | 7 | https://www.velocidex.com/discord. |