Modification of ld.so.preload
Identifies modification of ld.so.preload for shared object injection. This technique is used by attackers to load arbitrary code into processes.
| id | fd9b987a-1101-4ed3-bda6-a70300eaf57e |
|---|---|
| categories | detect |
| confidence | medium |
| os | linux |
| created | 05/17/2019 |
| updated | 05/17/2019 |
MITRE ATT&CK™ Mapping

| tactics | Defense Evasion |
|---|---|
| techniques | T1055 Process Injection |
Query

```
file where file_path == "/etc/ld.so.preload"
```
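The query's logic applied to exported events, as an added example that is not part of the original analytic or of the EQL library's own code. The sample events are constructed, every field name except `file_path` is an assumption about the sensor schema, and the path normalisation goes beyond the exact string match in the query.

```python
import json
import posixpath

TARGET = "/etc/ld.so.preload"

# Constructed sample events, one JSON object per line (not real telemetry).
# Every field name except file_path is an assumption about the sensor schema.
SAMPLE_EVENTS = """\
{"event_type": "file", "subtype": "modify", "file_path": "/etc/ld.so.preload", "process_name": "vi", "user_name": "root", "pid": 4120}
{"event_type": "file", "subtype": "create", "file_path": "/etc/ld.so.cache", "process_name": "ldconfig", "user_name": "root", "pid": 4200}
{"event_type": "process", "subtype": "create", "process_name": "cat", "command_line": "cat /etc/ld.so.preload", "pid": 4300}
{"event_type": "file", "subtype": "create", "file_path": "/etc//ld.so.preload", "process_name": "install", "user_name": "root", "pid": 4410}
{"event_type": "file", "subtype": "delete", "file_path": "/etc/ld.so.preload.bak", "process_name": "rm", "user_name": "root", "pid": 4500}
"""


def matches(event):
    """Python equivalent of: file where file_path == "/etc/ld.so.preload"."""
    if event.get("event_type") != "file":
        return False
    path = event.get("file_path")
    if not isinstance(path, str):
        return False
    # Collapse "//" and "/./" so a sensor's raw path still compares equal.
    return posixpath.normpath(path) == TARGET


def detect(jsonl):
    """Return one alert per matching event, keeping the fields triage needs."""
    alerts = []
    for line in jsonl.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or truncated lines instead of aborting
        if isinstance(event, dict) and matches(event):
            alerts.append({k: event.get(k) for k in
                           ("pid", "process_name", "user_name", "subtype")})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Because the analytic is rated medium confidence, each alert keeps the writing process and user so an analyst can separate administrative edits from unexpected writers.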