Potential Deelevator64.DLL Sideloading

Rule Info

Name
Potential Deelevator64.DLL Sideloading
Author
MalGamy (Nextron System)
Description
Detects potential DLL sideloading of "deelevator64.dll"
Reference
https://unit42.paloaltonetworks.com/threat-brief-ivanti-cve-2025-0282-cve-2025-0283/
Date
2025-01-20 00:00:00
Modified
None
Id
23880819-c2a3-4c43-8a74-99cb6b5fdfd0
Tags
attack.defense-evasion attack.privilege-escalation attack.t1574.001 attack.t1574.002
Type
Nextron Sigma feed only (private)

Rule History

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022