EDRKillShifter (1233436f-2a00-4557-89a4-8cbc45e6f9f7)

EDRKillShifter is a suspected threat actor-developed tool designed to disable victim endpoint detection & response (EDR) software. In August 2024, security researchers reported that the RansomHub ransomware group had deployed EDRKillShifter during attacks in May. The researchers also noted that EDRKillShifter primarily functions as a loader whose payloads can vary. This object mainly reflects ATT&CK Techniques associated with observed EDRKillShifter loader and payload deployments reported in August 2024. [Sophos News August 14 2024]

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| EDRKillShifter (1233436f-2a00-4557-89a4-8cbc45e6f9f7) | Tidal Software | CosmicBeetle (04b73cf2-33f4-4206-be9e-c80c4c9b54e8) | Tidal Groups | 1 |
| EDRKillShifter (1233436f-2a00-4557-89a4-8cbc45e6f9f7) | Tidal Software | RansomHub Ransomware Actors (94794e7b-8b54-4be8-885a-fd1009425ed5) | Tidal Groups | 1 |