Shared Modules (T1129)

View on ATT&CK

In Playbook

Technique & Subtechniques

  • Shared Modules

Associated Tactics

  • Execution

Execution (TA0002)

The adversary is trying to run malicious code. Execution consists of techniques that result in adversary-controlled code running on a local or remote system. Techniques that run malicious code are often paired with techniques from all other tactics to achieve broader goals, like exploring a network or stealing data. For example, an adversary might use a remote access tool to run a PowerShell script that does Remote System Discovery.

View on ATT&CK

Procedure Examples

Description Source(s)
Alex Turing, Hui Wang. (2021, April 28). RotaJakiro: A long live secret backdoor with 0 VT detection. Retrieved June 14, 2023. RotaJakiro 2021 netlab360 analysis
Apple. (2012, July 23). Overview of Dynamic Libraries. Retrieved September 7, 2023. Apple Dev Dynamic Libraries
Erye Hernandez and Danny Tsechansky. (2017, June 22). The New and Improved macOS Backdoor from OceanLotus. Retrieved September 8, 2023. Unit42 OceanLotus 2017
Microsoft. (2023, April 28). What is a DLL. Retrieved September 7, 2023. Microsoft DLL
Wheeler, D. (2003, April 11). Shared Libraries. Retrieved September 7, 2023. Linux Shared Libraries