Potential Linux Process Code Injection Via DD Utility (4cad6c64-d6df-42d6-8dae-eb78defdc415)

Detects the injection of code by overwriting the memory map of a Linux process using the "dd" Linux command.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Proc Memory - T1055.009 (d201d4cc-214d-4a74-a1ba-b3fa09fd4591) | Attack Pattern | Potential Linux Process Code Injection Via DD Utility (4cad6c64-d6df-42d6-8dae-eb78defdc415) | Sigma-Rules | 1 |
| Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) | Attack Pattern | Proc Memory - T1055.009 (d201d4cc-214d-4a74-a1ba-b3fa09fd4591) | Attack Pattern | 2 |