Modification of ld.so.preload (4b3cb710-5e83-4715-8c45-8b2b5b3e5751)

Identifies modification of ld.so.preload for shared object injection. This technique is used by attackers to load arbitrary code into processes.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Dynamic Linker Hijacking - T1574.006 (633a100c-b2c9-41bf-9be5-905c1b16c825) | Attack Pattern | Modification of ld.so.preload (4b3cb710-5e83-4715-8c45-8b2b5b3e5751) | Sigma-Rules | 1 |
| Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) | Attack Pattern | Dynamic Linker Hijacking - T1574.006 (633a100c-b2c9-41bf-9be5-905c1b16c825) | Attack Pattern | 2 |