Antivirus Hacktool Detection (fa0c05b6-8ad3-468d-8231-c1cbccb64fba)
Detects a highly relevant Antivirus alert that reports a hack tool or other attack tool. This event must not be ignored just because the AV has blocked the malware but investigate, how it came there in the first place.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) | Attack Pattern | Antivirus Hacktool Detection (fa0c05b6-8ad3-468d-8231-c1cbccb64fba) | Sigma-Rules | 1 |