Skip to content

Hide Navigation Hide TOC

DHCP Callout DLL Installation (9d3436ef-9476-4c43-acca-90ce06bdf33a)

Detects the installation of a Callout DLL via CalloutDlls and CalloutEnabled parameter in Registry, which can be used to execute code in context of the DHCP server (restart required)

Cluster A Galaxy A Cluster B Galaxy B Level
DHCP Callout DLL Installation (9d3436ef-9476-4c43-acca-90ce06bdf33a) Sigma-Rules Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 1
DHCP Callout DLL Installation (9d3436ef-9476-4c43-acca-90ce06bdf33a) Sigma-Rules DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b) Attack Pattern 1
DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b) Attack Pattern Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern 2