Added JRTools.dll, roboform.dll, roboform-x64.dll, and MidLrtMd.dll sideloads

yml/3rd_party/jriver/jrtools.yml

@@ -0,0 +1,17 @@
+---
+Name: jrtools.dll
+Author: Rick Gatenby
+Created: 2026-02-03
+Vendor: JRiver
+ExpectedLocations:
+  - '%PROGRAMFILES%\J River\Media Center %VERSION%'
+VulnerableExecutables:
+  - Path: '%PROGRAMFILES%\J River\Media Center %VERSION%\JRService.exe'
+    Type: Sideloading
+    SHA256:
+      - 2965b9b76bd62fc7ca9e977b09793f37241bf2bf27fe6ced55a3bc569d345038
+Resources:
+  - https://ventdrop.github.io/posts/jriver/
+Acknowledgements:
+  - Name: Rick Gatenby
+    Company: CyberCX

yml/3rd_party/sibersystems/roboform-x64.yml

@@ -0,0 +1,18 @@
+---
+Name: roboform-x64.dll
+Author: Rick Gatenby
+Created: 2026-02-03
+Vendor: Siber Systems
+ExpectedLocations:
+  - '%PROGRAMFILES%\Siber Systems\AI RoboForm\%VERSION%'
+VulnerableExecutables:
+  - Path: '%PROGRAMFILES%\Siber Systems\AI RoboForm\%VERSION%\robotaskbaricon-x64.exe'
+    Type: Sideloading
+    SHA256:
+      - 4f0d9b837001893dc083bcc77c709ea07ad1d0a48657c154760f996d16155f08
+Resources:
+  - https://www.trendmicro.com/en_us/research/25/b/updated-shadowpad-malware-leads-to-ransomware-deployment.html
+  - https://github.com/SigmaHQ/sigma/blob/master/rules/windows/image_load/image_load_side_load_robform.yml
+Acknowledgements:
+  - Name: Rick Gatenby
+    Company: CyberCX

yml/3rd_party/sibersystems/roboform.yml

@@ -0,0 +1,18 @@
+---
+Name: roboform.dll
+Author: Rick Gatenby
+Created: 2026-02-03
+Vendor: Siber Systems
+ExpectedLocations:
+  - '%PROGRAMFILES%\Siber Systems\AI RoboForm'
+VulnerableExecutables:
+  - Path: '%PROGRAMFILES%\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe'
+    Type: Sideloading
+    SHA256:
+      - aa1233393dded792b74e334c50849c477c4b86838b32ef45d6ab0dc36b4511e3
+Resources:
+  - https://www.trendmicro.com/en_us/research/25/b/updated-shadowpad-malware-leads-to-ransomware-deployment.html
+  - https://github.com/SigmaHQ/sigma/blob/master/rules/windows/image_load/image_load_side_load_robform.yml
+Acknowledgements:
+  - Name: Rick Gatenby
+    Company: CyberCX

yml/microsoft/external/midlrtmd.yml

@@ -0,0 +1,23 @@
+---
+Name: midlrtmd.dll
+Author: Rick Gatenby
+Created: 2026-02-03
+Vendor: Microsoft
+ExpectedLocations:
+  - '%PROGRAMFILES%\Windows Kits\%VERSION%\bin\%VERSION%\x64\mdmerge.exe'
+  - '%PROGRAMFILES%\Windows Kits\%VERSION%\bin\%VERSION%\x86\mdmerge.exe'
+VulnerableExecutables:
+  - Path: 'mdmerge.exe'
+    Type: Sideloading
+    ExpectedVersionInformation:
+      - OriginalFilename: 'mdmerge.exe'
+        FileDescription: 'Microsoft MDMERGE Utility'
+    SHA256:
+      - ac9f2ae9de5126691b9391c990f9d4f1c25afa912fbfda2d4abfe9f9057bdd8c
+Resources:
+  - https://www.crowdstrike.com/en-us/blog/new-supply-chain-attack-leverages-comm100-chat-installer
+  - https://jsac.jpcert.or.jp/archive/2024/pdf/JSAC2024_1_7_hara_nakajima_kawakami_en.pdf
+  - https://x.com/Cyberteam008/status/1858703453981450712
+Acknowledgements:
+  - Name: Rick Gatenby
+    Company: CyberCX