HackTool - EDRSilencer Execution (eb2d07d4-49cb-4523-801a-da002df36602)
Detects, based on PE metadata information, the execution of EDRSilencer, a tool that leverages the Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) | Attack Pattern | HackTool - EDRSilencer Execution (eb2d07d4-49cb-4523-801a-da002df36602) | Sigma-Rules | 1 |