Potential JLI.dll Side-Loading (7a3b6d1f-4a2b-4f8c-9d7e-e9f8cbf21a35)

Detects potential DLL side-loading of jli.dll. JLI.dll has been observed being side-loaded by Java processes by various threat actors, including APT41, XWorm, and others, in order to load malicious payloads in the context of legitimate Java processes.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Potential JLI.dll Side-Loading (7a3b6d1f-4a2b-4f8c-9d7e-e9f8cbf21a35) | Sigma-Rules | DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) | Attack Pattern | 1 |
| Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) | Attack Pattern | DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) | Attack Pattern | 2 |