Home/ MITRE Matrix/ Defense Evasion/ T1574.006

T1574.006Dynamic Linker Hijacking

T1574.006 — Dynamic Linker Hijacking is a MITRE ATT&CK technique in the Defense Evasion tactic. Clankerusecase tracks 7 detection use cases covering it and 2 threat-intel articles citing it.

Defense EvasionExecution

View on the matrix → Filter Detection Library MITRE official spec ↗

7Use cases

2Articles

0Sub-techniques

2Tactics

↑ Parent technique: T1574 · Hijack Execution Flow

Use cases covering this technique (7)

GitHub Workflow File Creation or Modification ESCU actions · hunting P Linux Auditd Preload Hijack Library Calls ESCU actions · alerting P Linux Auditd Preload Hijack Via Preload File ESCU actions · alerting P Linux Preload Hijack Library Calls ESCU actions · alerting P Shai-Hulud Workflow File Creation or Modification ESCU actions · alerting P [LLM] perfctl rootkit — /etc/ld.so.preload write or LD_PRELOAD on root daemon Bespoke install · alerting DSΣPDDCS [LLM] sshd loads compromised liblzma.so.5.6.0 / 5.6.1 (CVE-2024-3094 runtime trigger) Bespoke install · alerting DSΣPDDCS

Articles citing this technique (2)

crit What’s in the container? Analyzing vulnerabilities, risks and protection with Kaspersky Container Security and the KIRA AI assistant art-180

crit The XZ backdoor CVE-2024-3094 art-1266