HackTool - EDRSilencer Execution - Filter Added (98054878-5eab-434c-85d4-72d4e5a3361b)
Detects execution of EDRSilencer, a tool that abuses the Windows Filtering Platform (WFP) to block the outbound traffic of running EDR agents. The detection is based on specific hardcoded filter names.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
HackTool - EDRSilencer Execution - Filter Added (98054878-5eab-434c-85d4-72d4e5a3361b) | Sigma-Rules | Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) | Attack Pattern | 1 |