Hacktool Nifo Usage

Rule Info

Name
Hacktool Nifo Usage
Author
Florian Roth
Description
Detects Nifo - a tool that disables Windows AV/EDR software by corrupting their files offline via physical access
Reference
https://github.com/lkarlslund/nifo
Date
2024-10-27 00:00:00
Modified
None
Id
a1a8c07c-e50e-4f02-b55c-41d7ad1be4d9
Tags
attack.t1562.001 attack.defense-evasion
Type
Nextron Sigma feed only (private)

Rule History

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022