Tag
high
advisory
GlassWorm Threat: DLL Injection and Chrome Hijacking
2 rules 2 TTPsThe GlassWorm threat involves DLL injection and Chrome hijacking via COM abuse, confirming a full supply chain loop, potentially leading to data theft and system compromise.
dll-injection
chrome-hijacking
com-abuse
supply-chain
2r
2t
medium
advisory
Unsigned DLL Loaded by Svchost for Persistence and Privilege Escalation
2 rules 4 TTPs 5 IOCsAdversaries may load unsigned DLLs into svchost.exe to establish persistence or escalate privileges, leveraging a shared Windows service to execute malicious code with elevated permissions.
Elastic Defend
persistence
defense-evasion
execution
windows
dll-injection
2r
4t
5i
medium
advisory
LSASS Loading Suspicious DLL
2 rules 2 TTPs 9 IOCsDetection of LSASS loading an unsigned or untrusted DLL, which can indicate credential access attempts by malicious actors targeting sensitive information stored in the LSASS process.
Windows
credential-access
lsass
dll-injection
2r
2t
9i