← Back to Explore
T1574.008
Path Interception by Search Order Hijacking
Adversaries may execute their own malicious payloads by hijacking the search order used to load other programs. Because some programs do not call other programs using the full path, adversaries may place their own file in the directory where the calling program is located, causing the operating system to launch their malicious software at the request of the calling program. Search order hijacking occurs when an adversary abuses the order in which Windows searches for programs that are not given...
Windows
2
Detections
2
Sources
0
Threat Actors
BY SOURCE
1elastic1sigma
PROCEDURES (2)
General Monitoring1 detections
Auto-extracted: 1 detections for general monitoring
Process Creation Monitoring1 detections
Auto-extracted: 1 detections for process creation monitoring