Skip to content

Hide Navigation Hide TOC

PUA - DefenderCheck Execution (f0ca6c24-3225-47d5-b1f5-352bf07ecfa7)

Detects the use of DefenderCheck, a tool to evaluate the signatures used in Microsoft Defender. It can be used to figure out the strings / byte chains used in Microsoft Defender to detect a tool and thus used for AV evasion.

Cluster A Galaxy A Cluster B Galaxy B Level
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern PUA - DefenderCheck Execution (f0ca6c24-3225-47d5-b1f5-352bf07ecfa7) Sigma-Rules 1
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 2