English
English Indonesia Türkçe Deutsch Español Português Pусский Français Italiano Nederlands Polski العربية ไทย Tiếng Việt 繁體中文 简体中文 日本語 한국어

#dllsideloading search results

CybleInsights's profile picture. Exploring the ever-evolving world of cybersecurity and digital threats. Stay informed, stay secure. Subscribe to CRIL
CRIL (Cyble Research and Intelligence Labs)
 @CybleInsights
Sep 15

Cyble Research & Intelligence Labs detected Maranhão Stealer, a Node.js–based credential stealer leveraging reflective DLL injection. #Infostealer #DLLSideloading #Reflective #DLLInjection #SocialEngineering #CredentialStealer cyble.com/blog/inside-ma…

CybleInsights's tweet image. Cyble Research & Intelligence Labs detected Maranhão Stealer, a Node.js–based credential stealer leveraging reflective DLL injection. #Infostealer #DLLSideloading #Reflective #DLLInjection #SocialEngineering #CredentialStealer cyble.com/blog/inside-ma…
0
22
50
20
14K
Unit42_Intel's profile picture. The latest research and news from Unit 42, the Palo Alto Networks (@paloaltontwks) Threat Intelligence and Security Consulting Team covering incident response.
Unit 42
 @Unit42_Intel
May 20

New #ClickFix activity: User is asked to run PowerShell script that retrieves and runs an MSI file in memory. This infection chain performs #DLLSideLoading using legitimate "NVIDIA Notification.exe" to load a malicious DLL named libcef.dll. More info at bit.ly/4krPhLd

Unit42_Intel's tweet image. New #ClickFix activity: User is asked to run PowerShell script that retrieves and runs an MSI file in memory. This infection chain performs #DLLSideLoading using legitimate "NVIDIA Notification.exe" to load a malicious DLL named libcef.dll. More info at bit.ly/4krPhLd
Unit42_Intel's tweet image. New #ClickFix activity: User is asked to run PowerShell script that retrieves and runs an MSI file in memory. This infection chain performs #DLLSideLoading using legitimate "NVIDIA Notification.exe" to load a malicious DLL named libcef.dll. More info at bit.ly/4krPhLd
Unit42_Intel's tweet image. New #ClickFix activity: User is asked to run PowerShell script that retrieves and runs an MSI file in memory. This infection chain performs #DLLSideLoading using legitimate "NVIDIA Notification.exe" to load a malicious DLL named libcef.dll. More info at bit.ly/4krPhLd
2
59
160
63
17K
c_APT_ure's profile picture. #InfoSec professional, husband & father of two (in random order). #BlueTeam #DFIR #APT #CTI #RedTeaming #BSidesZH (RT/Likes ≠ endorsement) 👀➡️#MalwareChallenge
TomU | I'm still here... til the end 🕊️🇨🇭
 @c_APT_ure
Jul 5

Here's another one: virustotal.com/gui/file/ed244… RAR > Draft AR2025422_640935546.pdf.exe (signed: appletviewer.exe) malicious DLLs: jli.dll concrt141.dll XWorm C2: hciagriitec.ddns[.]net #DLLsideloading #MalwareChallenge

c_APT_ure's tweet image. Here's another one: virustotal.com/gui/file/ed244… RAR > Draft AR2025422_640935546.pdf.exe (signed: appletviewer.exe) malicious DLLs: jli.dll concrt141.dll XWorm C2: hciagriitec.ddns[.]net #DLLsideloading #MalwareChallenge
c_APT_ure's tweet image. Here's another one: virustotal.com/gui/file/ed244… RAR > Draft AR2025422_640935546.pdf.exe (signed: appletviewer.exe) malicious DLLs: jli.dll concrt141.dll XWorm C2: hciagriitec.ddns[.]net #DLLsideloading #MalwareChallenge
c_APT_ure's tweet image. Here's another one: virustotal.com/gui/file/ed244… RAR > Draft AR2025422_640935546.pdf.exe (signed: appletviewer.exe) malicious DLLs: jli.dll concrt141.dll XWorm C2: hciagriitec.ddns[.]net #DLLsideloading #MalwareChallenge
0
2
3
1
1K
CybleInsights's profile picture. Exploring the ever-evolving world of cybersecurity and digital threats. Stay informed, stay secure. Subscribe to CRIL
CRIL (Cyble Research and Intelligence Labs)
 @CybleInsights
Jan 17

Cyble analyzes a cyberattack specifically engineered to target German citizens via DLL Sideloading, DLL Proxying, and the use of Sliver. cyble.com/blog/sliver-im… #Cyberattack #Sliver #DLLSideloading #DLLProxying #SocialEngineering

CybleInsights's tweet image. Cyble analyzes a cyberattack specifically engineered to target German citizens via DLL Sideloading, DLL Proxying, and the use of Sliver. cyble.com/blog/sliver-im… #Cyberattack #Sliver #DLLSideloading #DLLProxying #SocialEngineering
1
3
16
4
2K
c_APT_ure's profile picture. #InfoSec professional, husband & father of two (in random order). #BlueTeam #DFIR #APT #CTI #RedTeaming #BSidesZH (RT/Likes ≠ endorsement) 👀➡️#MalwareChallenge
TomU | I'm still here... til the end 🕊️🇨🇭
 @c_APT_ure
Jul 4

Here some #DLLsideloading samples from recent months pastebin.com/raw/Kq7Dfdwc Is someone already making a list of abused DLL-sideloadable EXEs? (Part of LOLbins?) Adding #MalwareChallenge just in case anyone monitors that tag 😜

c_APT_ure's tweet image. Here some #DLLsideloading samples from recent months pastebin.com/raw/Kq7Dfdwc Is someone already making a list of abused DLL-sideloadable EXEs? (Part of LOLbins?) Adding #MalwareChallenge just in case anyone monitors that tag 😜
c_APT_ure's tweet image. Here some #DLLsideloading samples from recent months pastebin.com/raw/Kq7Dfdwc Is someone already making a list of abused DLL-sideloadable EXEs? (Part of LOLbins?) Adding #MalwareChallenge just in case anyone monitors that tag 😜
1
2
2
3
759
ShanHolo's profile picture. Another blue team member…..#CSIRT #DFIR #Malware #4n6 #ThreatIntel and following the white rabbit...
Shanholo
 @ShanHolo
Dec 5

⚠️#DllSideLoading ☣️firefox.exe/winhttp.dll➡️c2ce2f03afdbc181e74e93e6d9f82def 🔥Low Detection ratio 📡173.194.195.94

ShanHolo's tweet image. ⚠️#DllSideLoading ☣️firefox.exe/winhttp.dll➡️c2ce2f03afdbc181e74e93e6d9f82def 🔥Low Detection ratio 📡173.194.195.94
ShanHolo's profile picture. Another blue team member…..#CSIRT #DFIR #Malware #4n6 #ThreatIntel and following the white rabbit...
Shanholo
 @ShanHolo
Dec 3

🔥#DFIR #CSIRT #Intrusion🔥 1⃣Social engineering Initial access. 2⃣TA leveraged Microsoft Edge to retrieve two dat files from Internet. 3⃣TA archived bot dat files among with a TAR file using command "type". 🫢 4⃣TAR file le contained a malicious DLL masquerading as winhttp.dll.

1
2
0
0
4K
2
4
18
5
2K
c_APT_ure's profile picture. #InfoSec professional, husband & father of two (in random order). #BlueTeam #DFIR #APT #CTI #RedTeaming #BSidesZH (RT/Likes ≠ endorsement) 👀➡️#MalwareChallenge
TomU | I'm still here... til the end 🕊️🇨🇭
 @c_APT_ure
Mar 7

#MalwareChallenge How often do you see a #malware attachment with a clean/benign/signed executable using #DLLsideloading that is not part of a red team ex.? Sample on @abuse_ch Bazaar: bazaar.abuse.ch/sample/141148b…

c_APT_ure's tweet image. #MalwareChallenge How often do you see a #malware attachment with a clean/benign/signed executable using #DLLsideloading that is not part of a red team ex.? Sample on @abuse_ch Bazaar: bazaar.abuse.ch/sample/141148b…
c_APT_ure's tweet image. #MalwareChallenge How often do you see a #malware attachment with a clean/benign/signed executable using #DLLsideloading that is not part of a red team ex.? Sample on @abuse_ch Bazaar: bazaar.abuse.ch/sample/141148b…
c_APT_ure's tweet image. #MalwareChallenge How often do you see a #malware attachment with a clean/benign/signed executable using #DLLsideloading that is not part of a red team ex.? Sample on @abuse_ch Bazaar: bazaar.abuse.ch/sample/141148b…
c_APT_ure's tweet image. #MalwareChallenge How often do you see a #malware attachment with a clean/benign/signed executable using #DLLsideloading that is not part of a red team ex.? Sample on @abuse_ch Bazaar: bazaar.abuse.ch/sample/141148b…
2
3
9
6
2K
Richard_S81's profile picture. CIO/CSO/CISO/IT-IS-AI- DATA-Cyber Leader | @clusis_Suisse @CESIN_France | @LegionEtrangere | @Gendarmerie 🗣️🇺🇸 🇫🇷
Richard S.
@Richard_S81
May 7, 2023

#Hacking #APT #DLLSideloading #DragonBreath #Gambling #Vulnerability #Malware #CyberCrime #CyberAttack #CyberAttack An APT group tracked as Dragon Breath has been observed employing a new DLL sideloading technique. news.sophos.com/en-us/2023/05/…

Richard_S81's tweet image. #Hacking #APT #DLLSideloading #DragonBreath #Gambling #Vulnerability #Malware #CyberCrime #CyberAttack #CyberAttack An APT group tracked as Dragon Breath has been observed employing a new DLL sideloading technique. news.sophos.com/en-us/2023/05/…
0
1
2
0
214
blueteamsec1's profile picture. The cybersecurity home for the latest #BlueTeam, #DFIR, and #ThreatHunting news and tools.
Blue Team News
@blueteamsec1
Sep 12, 2023

Chimera - Automated DLL Sideloading Tool With EDR Evasion Capabilities #DllSideloading #EdrBypass #OffensiveSecurity #Python3 dlvr.it/Sw1BBg

blueteamsec1's tweet image. Chimera - Automated DLL Sideloading Tool With EDR Evasion Capabilities #DllSideloading #EdrBypass #OffensiveSecurity #Python3 dlvr.it/Sw1BBg
0
8
18
7
3K
Unit42_Intel's profile picture. The latest research and news from Unit 42, the Palo Alto Networks (@paloaltontwks) Threat Intelligence and Security Consulting Team covering incident response.
Unit 42
 @Unit42_Intel
Sep 20, 2024

2024-09-19 (Thurs): As early as 2024-09-10, this infection chain abuses steamerrorreporter64.exe to side-load vstdlib_s64.dll as a downloader to retrieve & run #LummaStealer. Details at bit.ly/3zrV0yY #DllSideLoading #Lumma #TimelyThreatIntel #Unit42ThreatIntel

Unit42_Intel's tweet image. 2024-09-19 (Thurs): As early as 2024-09-10, this infection chain abuses steamerrorreporter64.exe to side-load vstdlib_s64.dll as a downloader to retrieve & run #LummaStealer. Details at bit.ly/3zrV0yY #DllSideLoading #Lumma #TimelyThreatIntel #Unit42ThreatIntel
Unit42_Intel's tweet image. 2024-09-19 (Thurs): As early as 2024-09-10, this infection chain abuses steamerrorreporter64.exe to side-load vstdlib_s64.dll as a downloader to retrieve & run #LummaStealer. Details at bit.ly/3zrV0yY #DllSideLoading #Lumma #TimelyThreatIntel #Unit42ThreatIntel
Unit42_Intel's tweet image. 2024-09-19 (Thurs): As early as 2024-09-10, this infection chain abuses steamerrorreporter64.exe to side-load vstdlib_s64.dll as a downloader to retrieve & run #LummaStealer. Details at bit.ly/3zrV0yY #DllSideLoading #Lumma #TimelyThreatIntel #Unit42ThreatIntel
Unit42_Intel's tweet image. 2024-09-19 (Thurs): As early as 2024-09-10, this infection chain abuses steamerrorreporter64.exe to side-load vstdlib_s64.dll as a downloader to retrieve & run #LummaStealer. Details at bit.ly/3zrV0yY #DllSideLoading #Lumma #TimelyThreatIntel #Unit42ThreatIntel
3
43
117
37
10K
_UncleHacker_'s profile picture. Security Engineer / CISSP / CEH
Uncle Hacker
 @_UncleHacker_
Oct 20

Salt Typhoon exploited an unpatched Citrix flaw to sideload malicious DLLs and gain footholds in global infrastructure—ensure Citrix patches are applied, enforce DLL signing, and hunt for unknown modules. infosecurity-magazine.com/news/salt-typh… #infosec #Citrix #DLLSideloading #SupplyChain

_UncleHacker_'s tweet card. A cyber intrusion by China-linked group Salt Typhoon has been observed targeting global infrastructure via DLL sideloading
Salt Typhoon Uses Citrix Flaw in Global Cyber-Attack
Source: infosecurity-magazine.com
0
0
0
0
64
k7computing's profile picture. K7 Computing is a world leader in providing high quality #cybersecurity solutions for consumers and businesses. Buy Now: https://t.co/zlaX4y17hx #k7antivirus
K7 Computing
 @k7computing
May 17, 2023

Unveiling the tactics of Mustang Panda APT group exploiting Operamail with DLL sideloading technique. Stay vigilant! @k7computing Read the blog at labs.k7computing.com/index.php/must… #MustangPanda #Operamail #DLLSideloading #Cybersecurity #MaliciousCode #APT #Espionage

k7computing's tweet image. Unveiling the tactics of Mustang Panda APT group exploiting Operamail with DLL sideloading technique. Stay vigilant! @k7computing Read the blog at labs.k7computing.com/index.php/must… #MustangPanda #Operamail #DLLSideloading #Cybersecurity #MaliciousCode #APT #Espionage
0
0
2
0
324
TweetThreatNews's profile picture. 🔍 ThreatResearch 📰 CybersecurityNews 🖥️ RansomMonitor 📂 Cyber Attack 📂 Data Breach 🎥 Youtube
Cybersecurity News Everyday
 @TweetThreatNews
Dec 16

Thai officials targeted by Yokai backdoor using DLL side-loading techniques. Deceptive shortcuts in RAR archives lead to stealthy installations. Node.js exploited for crypto miners too. 🛡️🔍 #YokaiBackdoor #DLLSideLoading #CybersecurityNews link: ift.tt/VuDWlwH

TweetThreatNews's tweet image. Thai officials targeted by Yokai backdoor using DLL side-loading techniques. Deceptive shortcuts in RAR archives lead to stealthy installations. Node.js exploited for crypto miners too. 🛡️🔍 #YokaiBackdoor #DLLSideLoading #CybersecurityNews link: ift.tt/VuDWlwH
0
0
1
0
24
the_yellow_fall's profile picture. Welcome to the Daily Cybersecurity site, your trusted source for cybersecurity news and insights since 2017!
Gray Hats
 @the_yellow_fall
Oct 8

A China-nexus APT, Mustang Panda, is targeting the Tibetan community using DLL sideloading and the EnumFontsW API to launch the stealthy Publoader backdoor and achieve persistence. #MustangPanda #DLLsideloading #EnumFontsW #CyberEspionage #Tibet securityonline.info/mustang-panda-…

the_yellow_fall's tweet card. A China-nexus APT, Mustang Panda, is targeting the Tibetan community using DLL sideloading and the EnumFontsW API to launch the stealthy Publoader backdoor and achieve persistence.
Mustang Panda APT Uses Hidden DLL and EnumFontsW to Launch Stealthy Tibet-Themed Campaign
Source: securityonline.info
0
9
20
4
1K
securitydailyr's profile picture. Everything you need to know about data security, ransomware, data storage, backup & disaster recovery
Daily Security Review
 @securitydailyr
Apr 23, 2023

Researchers are investigating a new ransomware variant called Rorschach with several capabilities, including the ability to encrypt data faster than any other ransomware. #DLLsideloading #Encryption #Rorschach securitydailyreview.com/rorschach-rans…

securitydailyr's tweet image. Researchers are investigating a new ransomware variant called Rorschach with several capabilities, including the ability to encrypt data faster than any other ransomware. #DLLsideloading #Encryption #Rorschach securitydailyreview.com/rorschach-rans…
0
2
3
0
272
CheckPointSW's profile picture. You deserve the best security. Get the protection you need against AI-driven cyber attacks.
Check Point Software
@CheckPointSW
Jun 13, 2024

Ever heard of DLL sideloading? Cyber criminals use this technique to exploit the way Windows loads dynamic link libraries (DLLs) and execute malicious code. Here's how we detected and stopped a #DLLSideloading attack before it could cause any damage: bit.ly/4caku1A

CheckPointSW's tweet image. Ever heard of DLL sideloading? Cyber criminals use this technique to exploit the way Windows loads dynamic link libraries (DLLs) and execute malicious code. Here's how we detected and stopped a #DLLSideloading attack before it could cause any damage: bit.ly/4caku1A
0
0
0
0
613
TweetThreatNews's profile picture. 🔍 ThreatResearch 📰 CybersecurityNews 🖥️ RansomMonitor 📂 Cyber Attack 📂 Data Breach 🎥 Youtube
Cybersecurity News Everyday
 @TweetThreatNews
Jan 23

A new cyber campaign targets German organizations with DLL sideloading and the Sliver implant, starting from spear-phishing emails. APT29's tactics challenge traditional detection systems. 🇩🇪 #Germany #CyberThreats #DLLSideloading link: ift.tt/vZ4x71Q

TweetThreatNews's tweet image. A new cyber campaign targets German organizations with DLL sideloading and the Sliver implant, starting from spear-phishing emails. APT29's tactics challenge traditional detection systems. 🇩🇪 #Germany #CyberThreats #DLLSideloading link: ift.tt/vZ4x71Q
0
0
1
0
62
socradar's profile picture. Your Eyes Beyond 👁 | Transform Your Risk Perspective
SOCRadar®
@socradar
Feb 22, 2024

🔺 Researchers discovered two open-source #PyPI packages leveraged by threat actors to infiltrate systems via #DLLsideloading, evading detection tools and raising #supplychain concerns. 🔗Learn more about #malicious packages & their security implications: socradar.io/rise-of-malici…

socradar's tweet image. 🔺 Researchers discovered two open-source #PyPI packages leveraged by threat actors to infiltrate systems via #DLLsideloading, evading detection tools and raising #supplychain concerns. 🔗Learn more about #malicious packages & their security implications: socradar.io/rise-of-malici…
0
0
1
0
209
c_APT_ure's profile picture. #InfoSec professional, husband & father of two (in random order). #BlueTeam #DFIR #APT #CTI #RedTeaming #BSidesZH (RT/Likes ≠ endorsement) 👀➡️#MalwareChallenge
TomU | I'm still here... til the end 🕊️🇨🇭
 @c_APT_ure
Oct 24

I‘ve seen #DLLsideloading used a lot since March, even in malspam attachs. Most frequently abused is identity_helper.exe (Edge) in different versions. Look at submitted filenames on VT and it‘s easy to spot them.

c_APT_ure's profile picture. #InfoSec professional, husband & father of two (in random order). #BlueTeam #DFIR #APT #CTI #RedTeaming #BSidesZH (RT/Likes ≠ endorsement) 👀➡️#MalwareChallenge
TomU | I'm still here... til the end 🕊️🇨🇭
 @c_APT_ure
Mar 7

#MalwareChallenge How often do you see a #malware attachment with a clean/benign/signed executable using #DLLsideloading that is not part of a red team ex.? Sample on @abuse_ch Bazaar: bazaar.abuse.ch/sample/141148b…

c_APT_ure's tweet image. #MalwareChallenge How often do you see a #malware attachment with a clean/benign/signed executable using #DLLsideloading that is not part of a red team ex.? Sample on @abuse_ch Bazaar: bazaar.abuse.ch/sample/141148b…
c_APT_ure's tweet image. #MalwareChallenge How often do you see a #malware attachment with a clean/benign/signed executable using #DLLsideloading that is not part of a red team ex.? Sample on @abuse_ch Bazaar: bazaar.abuse.ch/sample/141148b…
c_APT_ure's tweet image. #MalwareChallenge How often do you see a #malware attachment with a clean/benign/signed executable using #DLLsideloading that is not part of a red team ex.? Sample on @abuse_ch Bazaar: bazaar.abuse.ch/sample/141148b…
c_APT_ure's tweet image. #MalwareChallenge How often do you see a #malware attachment with a clean/benign/signed executable using #DLLsideloading that is not part of a red team ex.? Sample on @abuse_ch Bazaar: bazaar.abuse.ch/sample/141148b…
2
3
9
6
2K
1
0
1
0
226
_UncleHacker_'s profile picture. Security Engineer / CISSP / CEH
Uncle Hacker
 @_UncleHacker_
Oct 20

Salt Typhoon exploited an unpatched Citrix flaw to sideload malicious DLLs and gain footholds in global infrastructure—ensure Citrix patches are applied, enforce DLL signing, and hunt for unknown modules. infosecurity-magazine.com/news/salt-typh… #infosec #Citrix #DLLSideloading #SupplyChain

_UncleHacker_'s tweet card. A cyber intrusion by China-linked group Salt Typhoon has been observed targeting global infrastructure via DLL sideloading
Salt Typhoon Uses Citrix Flaw in Global Cyber-Attack
Source: infosecurity-magazine.com
0
0
0
0
64
CybleInsights's profile picture. Exploring the ever-evolving world of cybersecurity and digital threats. Stay informed, stay secure. Subscribe to CRIL
CRIL (Cyble Research and Intelligence Labs)
 @CybleInsights
Sep 15

Cyble Research & Intelligence Labs detected Maranhão Stealer, a Node.js–based credential stealer leveraging reflective DLL injection. #Infostealer #DLLSideloading #Reflective #DLLInjection #SocialEngineering #CredentialStealer cyble.com/blog/inside-ma…

CybleInsights's tweet image. Cyble Research & Intelligence Labs detected Maranhão Stealer, a Node.js–based credential stealer leveraging reflective DLL injection. #Infostealer #DLLSideloading #Reflective #DLLInjection #SocialEngineering #CredentialStealer cyble.com/blog/inside-ma…
0
22
50
20
14K
hasamba's profile picture. Computer G33k, Into #Linux #CyberSecurity #DFIR #Threat Intelligence #IT #Tech #Gadgets #privacy #Darkweb
Yaniv Radunsky
 @hasamba
Aug 28

Cephalus ransomware used compromised RDP accounts and DLL sideloading via a legitimate SentinelOne binary to load data.bin containing the payload. Monitor RDP access and executable integrity. #RDP #DLLSideloading #Ransomware huntress.com/blog/cephalus-…

hasamba's tweet card. In mid-August, Huntress saw two incidents that linked back to a ransomware variant called Cephalus, which included DLL sideloading via a legitimate SentinelOne executable.
Cephalus Ransomware: Don’t Lose Your Head | Huntress
Source: huntress.com
0
0
1
0
199
TweetThreatNews's profile picture. 🔍 ThreatResearch 📰 CybersecurityNews 🖥️ RansomMonitor 📂 Cyber Attack 📂 Data Breach 🎥 Youtube
Cybersecurity News Everyday
 @TweetThreatNews
Aug 21

QuirkyLoader, a new malware loader active since Nov 2024, spreads Agent Tesla, AsyncRAT, and Snake Keylogger via email spam targeting Taiwan and Mexico using DLL side-loading and process hollowing. #QuirkyLoader #DLLSideLoading #Taiwan ift.tt/O2iu68o

TweetThreatNews's tweet card. Cybersecurity researchers have uncovered QuirkyLoader, a malware loader used since November 2024 to deliver various malicious payloads via email spam campaigns. The campaigns have targeted organiza...
Hackers Using New QuirkyLoader Malware to Spread Agent Tesla, AsyncRAT and Snake Keylogger
Source: hendryadrian.com
0
0
0
0
99
the_yellow_fall's profile picture. Welcome to the Daily Cybersecurity site, your trusted source for cybersecurity news and insights since 2017!
Gray Hats
 @the_yellow_fall
Aug 5

SentinelLABS and Beazley expose PXA Stealer, a Python-based infostealer campaign targeting 62 countries with stealthy DLL sideloading, decoy files, and Telegram-based data exfiltration. #PXAstealer #Infostealer #DLLsideloading #Cybersecurity securityonline.info/new-pxa-steale…

the_yellow_fall's tweet card. SentinelLABS and Beazley expose PXA Stealer, a Python-based infostealer campaign targeting 62 countries with stealthy DLL sideloading, decoy files, and Telegram-based data exfiltration.
New PXA Stealer Campaign Hits 62 Countries with Stealthy DLL Sideloading and Telegram Exfiltration
Source: securityonline.info
0
7
12
2
724
ganeshnathan28's profile picture. HAI ...I WELCOME ALL THALA FANS
ganeshkumar
 @ganeshnathan28
Aug 4

#lnk #dllsideloading #shellcode

blackstormsecbr's profile picture. Blackstorm Security is a highly specialized company on exploit development, reverse engineering, malware analysis and threat hunting.
Blackstorm Security
 @blackstormsecbr
Aug 1

Dropping Elephant APT Group Targets Turkish Defense Industry With New Campaign and Capabilities: LOLBAS, VLC Player, and Encrypted Shellcode: arcticwolf.com/resources/blog… #cybersecurity #apt #threathunting #informationsecurity #malware #shellcode #dfir #reversing

blackstormsecbr's tweet image. Dropping Elephant APT Group Targets Turkish Defense Industry With New Campaign and Capabilities: LOLBAS, VLC Player, and Encrypted Shellcode: arcticwolf.com/resources/blog… #cybersecurity #apt #threathunting #informationsecurity #malware #shellcode #dfir #reversing
0
21
54
14
3K
0
0
0
1
71
ganeshnathan28's profile picture. HAI ...I WELCOME ALL THALA FANS
ganeshkumar
 @ganeshnathan28
Aug 1

#driver #byovd #dllsideloading

virusbtn's profile picture. Security information portal, testing and certification body. Organisers of the annual Virus Bulletin conference. @VirusBulletin@infosec.exchange
Virus Bulletin
 @virusbtn
Aug 1

Check Point Research analysed Storm-2603, a threat actor associated with recent ToolShell exploitations, as well as other Chinese APT groups. Storm-2603 utilizes a custom malware C2 framework, referred to internally by the attacker as “ak47c2”. research.checkpoint.com/2025/before-to…

virusbtn's tweet image. Check Point Research analysed Storm-2603, a threat actor associated with recent ToolShell exploitations, as well as other Chinese APT groups. Storm-2603 utilizes a custom malware C2 framework, referred to internally by the attacker as “ak47c2”. research.checkpoint.com/2025/before-to…
0
22
59
15
3K
0
0
0
1
37
the_yellow_fall's profile picture. Welcome to the Daily Cybersecurity site, your trusted source for cybersecurity news and insights since 2017!
Gray Hats
 @the_yellow_fall
Aug 1

Symantec's report reveals LockBit is using evolved tactics, including DLL sideloading and process masquerading with legitimate executables, to evade detection and deploy payloads. #LockBit #Ransomware #DLLSideloading #Cybersecurity #MalwareAlert securityonline.info/lockbit-ransom…

the_yellow_fall's tweet card. Symantec's report reveals LockBit is using evolved tactics, including DLL sideloading and process masquerading with legitimate executables, to evade detection and deploy payloads.
LockBit Ransomware Evolves: New Stealthy Tactics Use DLL Sideloading & Masquerading to Bypass...
Source: securityonline.info
1
0
0
1
266
the_yellow_fall's profile picture. Welcome to the Daily Cybersecurity site, your trusted source for cybersecurity news and insights since 2017!
Gray Hats
 @the_yellow_fall
Jul 25

Dropping Elephant is targeting Türkiye's defense industry, particularly missile manufacturers, with weaponized conference lures, VLC DLL sideloading, and custom shellcode for intelligence exfiltration. #DroppingElephant #DLLSideloading #APTAttack securityonline.info/dropping-eleph…

the_yellow_fall's tweet card. Dropping Elephant is targeting Türkiye's defense industry, particularly missile manufacturers, with weaponized conference lures, VLC DLL sideloading, and custom shellcode for intelligence exfiltrat...
Dropping Elephant Targets Türkiye's Missile Industry with Stealthy Conference Lures & VLC DLL...
Source: securityonline.info
0
0
0
0
295
ganeshnathan28's profile picture. HAI ...I WELCOME ALL THALA FANS
ganeshkumar
 @ganeshnathan28
Jul 21

#dllsideloading

virusbtn's profile picture. Security information portal, testing and certification body. Organisers of the annual Virus Bulletin conference. @VirusBulletin@infosec.exchange
Virus Bulletin
 @virusbtn
Jul 21

Fortinet's Kuan-Yen Liu & Yen-Ting Lee examine NailaoLocker’s complete technical profile, including its execution flow, encryption and decryption routines, and its use of SM2 cryptography. fortinet.com/blog/threat-re…

virusbtn's tweet image. Fortinet's Kuan-Yen Liu & Yen-Ting Lee examine NailaoLocker’s complete technical profile, including its execution flow, encryption and decryption routines, and its use of SM2 cryptography. fortinet.com/blog/threat-re…
1
23
49
17
3K
0
0
0
0
16
No results for "#dllsideloading"
CybleInsights's profile picture. Exploring the ever-evolving world of cybersecurity and digital threats. Stay informed, stay secure. Subscribe to CRIL
CRIL (Cyble Research and Intelligence Labs)
 @CybleInsights
Sep 15

Cyble Research & Intelligence Labs detected Maranhão Stealer, a Node.js–based credential stealer leveraging reflective DLL injection. #Infostealer #DLLSideloading #Reflective #DLLInjection #SocialEngineering #CredentialStealer cyble.com/blog/inside-ma…

CybleInsights's tweet image. Cyble Research & Intelligence Labs detected Maranhão Stealer, a Node.js–based credential stealer leveraging reflective DLL injection. #Infostealer #DLLSideloading #Reflective #DLLInjection #SocialEngineering #CredentialStealer cyble.com/blog/inside-ma…
0
22
50
20
14K
CybleInsights's profile picture. Exploring the ever-evolving world of cybersecurity and digital threats. Stay informed, stay secure. Subscribe to CRIL
CRIL (Cyble Research and Intelligence Labs)
 @CybleInsights
Jan 17

Cyble analyzes a cyberattack specifically engineered to target German citizens via DLL Sideloading, DLL Proxying, and the use of Sliver. cyble.com/blog/sliver-im… #Cyberattack #Sliver #DLLSideloading #DLLProxying #SocialEngineering

CybleInsights's tweet image. Cyble analyzes a cyberattack specifically engineered to target German citizens via DLL Sideloading, DLL Proxying, and the use of Sliver. cyble.com/blog/sliver-im… #Cyberattack #Sliver #DLLSideloading #DLLProxying #SocialEngineering
1
3
16
4
2K
Unit42_Intel's profile picture. The latest research and news from Unit 42, the Palo Alto Networks (@paloaltontwks) Threat Intelligence and Security Consulting Team covering incident response.
Unit 42
 @Unit42_Intel
May 20

New #ClickFix activity: User is asked to run PowerShell script that retrieves and runs an MSI file in memory. This infection chain performs #DLLSideLoading using legitimate "NVIDIA Notification.exe" to load a malicious DLL named libcef.dll. More info at bit.ly/4krPhLd

Unit42_Intel's tweet image. New #ClickFix activity: User is asked to run PowerShell script that retrieves and runs an MSI file in memory. This infection chain performs #DLLSideLoading using legitimate "NVIDIA Notification.exe" to load a malicious DLL named libcef.dll. More info at bit.ly/4krPhLd
Unit42_Intel's tweet image. New #ClickFix activity: User is asked to run PowerShell script that retrieves and runs an MSI file in memory. This infection chain performs #DLLSideLoading using legitimate "NVIDIA Notification.exe" to load a malicious DLL named libcef.dll. More info at bit.ly/4krPhLd
Unit42_Intel's tweet image. New #ClickFix activity: User is asked to run PowerShell script that retrieves and runs an MSI file in memory. This infection chain performs #DLLSideLoading using legitimate "NVIDIA Notification.exe" to load a malicious DLL named libcef.dll. More info at bit.ly/4krPhLd
2
59
160
63
17K
blueteamsec1's profile picture. The cybersecurity home for the latest #BlueTeam, #DFIR, and #ThreatHunting news and tools.
Blue Team News
@blueteamsec1
Sep 12, 2023

Chimera - Automated DLL Sideloading Tool With EDR Evasion Capabilities #DllSideloading #EdrBypass #OffensiveSecurity #Python3 dlvr.it/Sw1BBg

blueteamsec1's tweet image. Chimera - Automated DLL Sideloading Tool With EDR Evasion Capabilities #DllSideloading #EdrBypass #OffensiveSecurity #Python3 dlvr.it/Sw1BBg
0
8
18
7
3K
Unit42_Intel's profile picture. The latest research and news from Unit 42, the Palo Alto Networks (@paloaltontwks) Threat Intelligence and Security Consulting Team covering incident response.
Unit 42
 @Unit42_Intel
Sep 20, 2024

2024-09-19 (Thurs): As early as 2024-09-10, this infection chain abuses steamerrorreporter64.exe to side-load vstdlib_s64.dll as a downloader to retrieve & run #LummaStealer. Details at bit.ly/3zrV0yY #DllSideLoading #Lumma #TimelyThreatIntel #Unit42ThreatIntel

Unit42_Intel's tweet image. 2024-09-19 (Thurs): As early as 2024-09-10, this infection chain abuses steamerrorreporter64.exe to side-load vstdlib_s64.dll as a downloader to retrieve & run #LummaStealer. Details at bit.ly/3zrV0yY #DllSideLoading #Lumma #TimelyThreatIntel #Unit42ThreatIntel
Unit42_Intel's tweet image. 2024-09-19 (Thurs): As early as 2024-09-10, this infection chain abuses steamerrorreporter64.exe to side-load vstdlib_s64.dll as a downloader to retrieve & run #LummaStealer. Details at bit.ly/3zrV0yY #DllSideLoading #Lumma #TimelyThreatIntel #Unit42ThreatIntel
Unit42_Intel's tweet image. 2024-09-19 (Thurs): As early as 2024-09-10, this infection chain abuses steamerrorreporter64.exe to side-load vstdlib_s64.dll as a downloader to retrieve & run #LummaStealer. Details at bit.ly/3zrV0yY #DllSideLoading #Lumma #TimelyThreatIntel #Unit42ThreatIntel
Unit42_Intel's tweet image. 2024-09-19 (Thurs): As early as 2024-09-10, this infection chain abuses steamerrorreporter64.exe to side-load vstdlib_s64.dll as a downloader to retrieve & run #LummaStealer. Details at bit.ly/3zrV0yY #DllSideLoading #Lumma #TimelyThreatIntel #Unit42ThreatIntel
3
43
117
37
10K
c_APT_ure's profile picture. #InfoSec professional, husband & father of two (in random order). #BlueTeam #DFIR #APT #CTI #RedTeaming #BSidesZH (RT/Likes ≠ endorsement) 👀➡️#MalwareChallenge
TomU | I'm still here... til the end 🕊️🇨🇭
 @c_APT_ure
Jul 5

Here's another one: virustotal.com/gui/file/ed244… RAR > Draft AR2025422_640935546.pdf.exe (signed: appletviewer.exe) malicious DLLs: jli.dll concrt141.dll XWorm C2: hciagriitec.ddns[.]net #DLLsideloading #MalwareChallenge

c_APT_ure's tweet image. Here's another one: virustotal.com/gui/file/ed244… RAR > Draft AR2025422_640935546.pdf.exe (signed: appletviewer.exe) malicious DLLs: jli.dll concrt141.dll XWorm C2: hciagriitec.ddns[.]net #DLLsideloading #MalwareChallenge
c_APT_ure's tweet image. Here's another one: virustotal.com/gui/file/ed244… RAR > Draft AR2025422_640935546.pdf.exe (signed: appletviewer.exe) malicious DLLs: jli.dll concrt141.dll XWorm C2: hciagriitec.ddns[.]net #DLLsideloading #MalwareChallenge
c_APT_ure's tweet image. Here's another one: virustotal.com/gui/file/ed244… RAR > Draft AR2025422_640935546.pdf.exe (signed: appletviewer.exe) malicious DLLs: jli.dll concrt141.dll XWorm C2: hciagriitec.ddns[.]net #DLLsideloading #MalwareChallenge
0
2
3
1
1K
ShanHolo's profile picture. Another blue team member…..#CSIRT #DFIR #Malware #4n6 #ThreatIntel and following the white rabbit...
Shanholo
 @ShanHolo
Dec 5

⚠️#DllSideLoading ☣️firefox.exe/winhttp.dll➡️c2ce2f03afdbc181e74e93e6d9f82def 🔥Low Detection ratio 📡173.194.195.94

ShanHolo's tweet image. ⚠️#DllSideLoading ☣️firefox.exe/winhttp.dll➡️c2ce2f03afdbc181e74e93e6d9f82def 🔥Low Detection ratio 📡173.194.195.94
ShanHolo's profile picture. Another blue team member…..#CSIRT #DFIR #Malware #4n6 #ThreatIntel and following the white rabbit...
Shanholo
 @ShanHolo
Dec 3

🔥#DFIR #CSIRT #Intrusion🔥 1⃣Social engineering Initial access. 2⃣TA leveraged Microsoft Edge to retrieve two dat files from Internet. 3⃣TA archived bot dat files among with a TAR file using command "type". 🫢 4⃣TAR file le contained a malicious DLL masquerading as winhttp.dll.

1
2
0
0
4K
2
4
18
5
2K
Spatil3141's profile picture. #MalwareAnalyst, #ReverseEngineer, #CTI-CyberThreatIntelligence, BlogAuthor Tweets are my opinions and nothing to do with my employer
Swapnil Patil
 @Spatil3141
Apr 17, 2019

#TeamViewer #DLLSideloading #Backdoor FileName: 1C.PDF.WinRAR.pdf.scr (DFBC6BEA6331EB424A65D1C98B7F20AB) Russian Decoy PDF. C2: hxxp://liveupdate.online/command.php

Spatil3141's tweet image. #TeamViewer #DLLSideloading #Backdoor FileName: 1C.PDF.WinRAR.pdf.scr (DFBC6BEA6331EB424A65D1C98B7F20AB) Russian Decoy PDF. C2: hxxp://liveupdate.online/command.php
1
0
0
0
0
k7computing's profile picture. K7 Computing is a world leader in providing high quality #cybersecurity solutions for consumers and businesses. Buy Now: https://t.co/zlaX4y17hx #k7antivirus
K7 Computing
 @k7computing
May 17, 2023

Unveiling the tactics of Mustang Panda APT group exploiting Operamail with DLL sideloading technique. Stay vigilant! @k7computing Read the blog at labs.k7computing.com/index.php/must… #MustangPanda #Operamail #DLLSideloading #Cybersecurity #MaliciousCode #APT #Espionage

k7computing's tweet image. Unveiling the tactics of Mustang Panda APT group exploiting Operamail with DLL sideloading technique. Stay vigilant! @k7computing Read the blog at labs.k7computing.com/index.php/must… #MustangPanda #Operamail #DLLSideloading #Cybersecurity #MaliciousCode #APT #Espionage
0
0
2
0
324
c_APT_ure's profile picture. #InfoSec professional, husband & father of two (in random order). #BlueTeam #DFIR #APT #CTI #RedTeaming #BSidesZH (RT/Likes ≠ endorsement) 👀➡️#MalwareChallenge
TomU | I'm still here... til the end 🕊️🇨🇭
 @c_APT_ure
Jul 4

Here some #DLLsideloading samples from recent months pastebin.com/raw/Kq7Dfdwc Is someone already making a list of abused DLL-sideloadable EXEs? (Part of LOLbins?) Adding #MalwareChallenge just in case anyone monitors that tag 😜

c_APT_ure's tweet image. Here some #DLLsideloading samples from recent months pastebin.com/raw/Kq7Dfdwc Is someone already making a list of abused DLL-sideloadable EXEs? (Part of LOLbins?) Adding #MalwareChallenge just in case anyone monitors that tag 😜
c_APT_ure's tweet image. Here some #DLLsideloading samples from recent months pastebin.com/raw/Kq7Dfdwc Is someone already making a list of abused DLL-sideloadable EXEs? (Part of LOLbins?) Adding #MalwareChallenge just in case anyone monitors that tag 😜
1
2
2
3
759
c_APT_ure's profile picture. #InfoSec professional, husband & father of two (in random order). #BlueTeam #DFIR #APT #CTI #RedTeaming #BSidesZH (RT/Likes ≠ endorsement) 👀➡️#MalwareChallenge
TomU | I'm still here... til the end 🕊️🇨🇭
 @c_APT_ure
Mar 7

#MalwareChallenge How often do you see a #malware attachment with a clean/benign/signed executable using #DLLsideloading that is not part of a red team ex.? Sample on @abuse_ch Bazaar: bazaar.abuse.ch/sample/141148b…

c_APT_ure's tweet image. #MalwareChallenge How often do you see a #malware attachment with a clean/benign/signed executable using #DLLsideloading that is not part of a red team ex.? Sample on @abuse_ch Bazaar: bazaar.abuse.ch/sample/141148b…
c_APT_ure's tweet image. #MalwareChallenge How often do you see a #malware attachment with a clean/benign/signed executable using #DLLsideloading that is not part of a red team ex.? Sample on @abuse_ch Bazaar: bazaar.abuse.ch/sample/141148b…
c_APT_ure's tweet image. #MalwareChallenge How often do you see a #malware attachment with a clean/benign/signed executable using #DLLsideloading that is not part of a red team ex.? Sample on @abuse_ch Bazaar: bazaar.abuse.ch/sample/141148b…
c_APT_ure's tweet image. #MalwareChallenge How often do you see a #malware attachment with a clean/benign/signed executable using #DLLsideloading that is not part of a red team ex.? Sample on @abuse_ch Bazaar: bazaar.abuse.ch/sample/141148b…
2
3
9
6
2K
Richard_S81's profile picture. CIO/CSO/CISO/IT-IS-AI- DATA-Cyber Leader | @clusis_Suisse @CESIN_France | @LegionEtrangere | @Gendarmerie 🗣️🇺🇸 🇫🇷
Richard S.
@Richard_S81
May 7, 2023

#Hacking #APT #DLLSideloading #DragonBreath #Gambling #Vulnerability #Malware #CyberCrime #CyberAttack #CyberAttack An APT group tracked as Dragon Breath has been observed employing a new DLL sideloading technique. news.sophos.com/en-us/2023/05/…

Richard_S81's tweet image. #Hacking #APT #DLLSideloading #DragonBreath #Gambling #Vulnerability #Malware #CyberCrime #CyberAttack #CyberAttack An APT group tracked as Dragon Breath has been observed employing a new DLL sideloading technique. news.sophos.com/en-us/2023/05/…
0
1
2
0
214
securitydailyr's profile picture. Everything you need to know about data security, ransomware, data storage, backup & disaster recovery
Daily Security Review
 @securitydailyr
Apr 23, 2023

Researchers are investigating a new ransomware variant called Rorschach with several capabilities, including the ability to encrypt data faster than any other ransomware. #DLLsideloading #Encryption #Rorschach securitydailyreview.com/rorschach-rans…

securitydailyr's tweet image. Researchers are investigating a new ransomware variant called Rorschach with several capabilities, including the ability to encrypt data faster than any other ransomware. #DLLsideloading #Encryption #Rorschach securitydailyreview.com/rorschach-rans…
0
2
3
0
272
TweetThreatNews's profile picture. 🔍 ThreatResearch 📰 CybersecurityNews 🖥️ RansomMonitor 📂 Cyber Attack 📂 Data Breach 🎥 Youtube
Cybersecurity News Everyday
 @TweetThreatNews
Dec 16

Thai officials targeted by Yokai backdoor using DLL side-loading techniques. Deceptive shortcuts in RAR archives lead to stealthy installations. Node.js exploited for crypto miners too. 🛡️🔍 #YokaiBackdoor #DLLSideLoading #CybersecurityNews link: ift.tt/VuDWlwH

TweetThreatNews's tweet image. Thai officials targeted by Yokai backdoor using DLL side-loading techniques. Deceptive shortcuts in RAR archives lead to stealthy installations. Node.js exploited for crypto miners too. 🛡️🔍 #YokaiBackdoor #DLLSideLoading #CybersecurityNews link: ift.tt/VuDWlwH
0
0
1
0
24
CheckPointSW's profile picture. You deserve the best security. Get the protection you need against AI-driven cyber attacks.
Check Point Software
@CheckPointSW
Jun 13, 2024

Ever heard of DLL sideloading? Cyber criminals use this technique to exploit the way Windows loads dynamic link libraries (DLLs) and execute malicious code. Here's how we detected and stopped a #DLLSideloading attack before it could cause any damage: bit.ly/4caku1A

CheckPointSW's tweet image. Ever heard of DLL sideloading? Cyber criminals use this technique to exploit the way Windows loads dynamic link libraries (DLLs) and execute malicious code. Here's how we detected and stopped a #DLLSideloading attack before it could cause any damage: bit.ly/4caku1A
0
0
0
0
613
TweetThreatNews's profile picture. 🔍 ThreatResearch 📰 CybersecurityNews 🖥️ RansomMonitor 📂 Cyber Attack 📂 Data Breach 🎥 Youtube
Cybersecurity News Everyday
 @TweetThreatNews
Jan 23

A new cyber campaign targets German organizations with DLL sideloading and the Sliver implant, starting from spear-phishing emails. APT29's tactics challenge traditional detection systems. 🇩🇪 #Germany #CyberThreats #DLLSideloading link: ift.tt/vZ4x71Q

TweetThreatNews's tweet image. A new cyber campaign targets German organizations with DLL sideloading and the Sliver implant, starting from spear-phishing emails. APT29's tactics challenge traditional detection systems. 🇩🇪 #Germany #CyberThreats #DLLSideloading link: ift.tt/vZ4x71Q
0
0
1
0
62
socradar's profile picture. Your Eyes Beyond 👁 | Transform Your Risk Perspective
SOCRadar®
@socradar
Feb 22, 2024

🔺 Researchers discovered two open-source #PyPI packages leveraged by threat actors to infiltrate systems via #DLLsideloading, evading detection tools and raising #supplychain concerns. 🔗Learn more about #malicious packages & their security implications: socradar.io/rise-of-malici…

socradar's tweet image. 🔺 Researchers discovered two open-source #PyPI packages leveraged by threat actors to infiltrate systems via #DLLsideloading, evading detection tools and raising #supplychain concerns. 🔗Learn more about #malicious packages & their security implications: socradar.io/rise-of-malici…
0
0
1
0
209
J0SM1's profile picture. Lab52 team leader #malware #DFIR #forensics #yara #threatIntelligence @securityartwork @s2grupo
JoseMi
 @J0SM1
Jun 2, 2020

Mustang Panda Recent Activity: Dll-Sideloading trojans with temporal C2 servers #apt #mustangpanda #dllsideloading lab52.io/blog/mustang-p…

J0SM1's tweet image. Mustang Panda Recent Activity: Dll-Sideloading trojans with temporal C2 servers #apt #mustangpanda #dllsideloading lab52.io/blog/mustang-p…
0
3
7
1
0

Something went wrong.


Something went wrong.


United States Trends