An analysis by security researchers has uncovered the existence of a new tool called EDRKillShifter, which is used by threat actors to disable endpoint protection software during ransomware attacks. The tool is designed to terminate antivirus and endpoint detection and response (EDR) solutions on targeted systems, paving the way for the deployment of ransomware payloads. EDRKillShifter works as a loader, delivering various malicious drivers that exploit vulnerabilities to gain elevated privileges and unhook security protections. Author: AlienVault
Related Tags:
edr evasion
driver exploitation
EDRKillShifter
RansomHub
T1547.003
T1569.002
T1547.009
T1543.003
T1543.001
Associated Indicators:
null