TDSSKiller Execution To Terminate Critical Services

Rule Info

Name
TDSSKiller Execution To Terminate Critical Services
Author
Nasreddine Bencherchali (Nextron Systems), X__Junior (Nextron Systems)
Description
Detects the execution of TDSSKiller in order to stop and terminate critical Windows services such as Antivirus and EDRs.
Reference
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/lockbit-ransomware-silently-disables-edr-using-tdsskiller
Date
2024-01-30 00:00:00
Modified
None
Id
66089628-b48f-4787-9a94-d6df22c0ea4e
Tags
attack.execution attack.defense_evasion attack.t1562.001
Type
Nextron Sigma feed only (private)

Rule History

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022