
PUA - Kernel Driver Utility (KDU) Execution (e76ca062-4de0-4d79-8d90-160a0d335eca)

Detects execution of the Kernel Driver Utility (KDU) tool. KDU can be used to bypass driver signature enforcement and load unsigned or malicious drivers into the Windows kernel, potentially allowing privilege escalation, persistence, or evasion of security controls.

Cluster A | Galaxy A | Cluster B | Galaxy B | Level
--- | --- | --- | --- | ---
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) | Attack Pattern | PUA - Kernel Driver Utility (KDU) Execution (e76ca062-4de0-4d79-8d90-160a0d335eca) | Sigma-Rules | 1
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) | Attack Pattern | Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) | Attack Pattern | 2