mirror of
https://github.com/valitydev/SigmaHQ.git
synced 2024-11-07 01:45:21 +00:00
18 lines
506 B
YAML
18 lines
506 B
YAML
title: Code Injection by ld.so Preload
|
|
id: 7e3c4651-c347-40c4-b1d4-d48590fdf684
|
|
status: experimental
|
|
description: Detects the ld.so preload persistence file. See `man ld.so` for more information.
|
|
author: Christian Burkard
|
|
date: 2021/05/05
|
|
references:
|
|
- https://man7.org/linux/man-pages/man8/ld.so.8.html
|
|
logsource:
|
|
product: linux
|
|
detection:
|
|
keyword:
|
|
- '/etc/ld.so.preload'
|
|
condition: keyword
|
|
falsepositives:
|
|
- rare temporary workaround for library misconfiguration
|
|
level: high
|