Potential U3BoostSvrLOC.DLL Sideloading

Rule Info

Name
Potential U3BoostSvrLOC.DLL Sideloading
Author
MalGamy (Nextron Systems)
Description
Detects potential DLL sideloading of "u3boostSvrloc.dll", a technique where attackers place a malicious DLL alongside a legitimate vulnerable application to evade detection, gain persistence, and execute malicious code
Reference
https://www.trendmicro.com/fr_fr/research/25/b/updated-shadowpad-malware-leads-to-ransomware-deployment.html
Date
2025-02-26 00:00:00
Modified
None
Id
fb37c7a9-f09f-4aec-918d-7b5159a9b08b
Tags
attack.defense-evasion attack.privilege-escalation attack.t1574.001 attack.t1574.002
Type
Nextron Sigma feed only (private)

Rule History

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022