Modification of ld.so.preload
Identifies modification of ld.so.preload for shared object injection. This technique is used by attackers to load arbitrary code into processes.
| id: | fd9b987a-1101-4ed3-bda6-a70300eaf57e |
|---|---|
| categories: | detect |
| confidence: | medium |
| os: | linux |
| created: | 05/17/2019 |
| updated: | 05/17/2019 |
MITRE ATT&CK™ Mapping
| tactics: | Defense Evasion |
|---|---|
| techniques: | T1055 Process Injection |
Query
file where file_path="/etc/ld.so.preload"
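
A triage helper for when this rule fires, added here as an example and not part of the original analytic: it lists the objects named in the file and flags entries that are missing, not root-owned, or writable by group or others. The function names and flag labels are hypothetical, and the parsing assumes glibc's format for this file (entries separated by whitespace or colons, `#` starting a comment).

```python
import os
import stat

PRELOAD_PATH = "/etc/ld.so.preload"  # path taken from the query above

def parse_preload(text):
    """Return the object paths listed in ld.so.preload content.

    Assumption: entries are separated by whitespace or colons and '#'
    starts a comment, as glibc's loader treats this file.
    """
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0]  # drop trailing comment
        entries.extend(line.replace(":", " ").split())
    return entries

def triage_entry(path):
    """Collect the facts an analyst needs about one preloaded object."""
    finding = {"path": path, "exists": False, "flags": []}
    if not os.path.isabs(path):
        # Cannot be checked with stat from here; report it for manual review.
        finding["flags"].append("not-absolute")
        return finding
    try:
        st = os.stat(path)
    except OSError:
        finding["flags"].append("missing")
        return finding
    finding["exists"] = True
    if st.st_uid != 0:
        finding["flags"].append("not-root-owned")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        finding["flags"].append("group-or-world-writable")
    return finding

def triage_preload(preload_path=PRELOAD_PATH):
    """Triage every entry; an absent preload file yields an empty list."""
    try:
        with open(preload_path, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    except FileNotFoundError:
        return []
    return [triage_entry(p) for p in parse_preload(text)]

if __name__ == "__main__":
    for f in triage_preload():
        print(f["path"], ",".join(f["flags"]) or "no-flags")
```

An empty result means the file is absent or lists nothing; any entry that does appear should be matched against a known, approved preload before the alert is closed.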