Skip to content

Hide Navigation Hide TOC

Potential Mpclient.DLL Sideloading Via Defender Binaries (7002aa10-b8d4-47ae-b5ba-51ab07e228b9)

Detects potential sideloading of "mpclient.dll" by Windows Defender processes ("MpCmdRun" and "NisSrv") from their non-default directory.

Cluster A Galaxy A Cluster B Galaxy B Level
DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern Potential Mpclient.DLL Sideloading Via Defender Binaries (7002aa10-b8d4-47ae-b5ba-51ab07e228b9) Sigma-Rules 1
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 2