Intel Name: Silent Threat: Red Team Tool EDRSilencer Disrupting Endpoint Security Solutions
Date of Scan: October 16, 2024
Impact: High
Summary: The Trend Micro Threat Hunting Team recently found EDRSilencer, a red team tool designed to disrupt endpoint detection and response (EDR) solutions using the Windows Filtering Platform (WFP). Internal telemetry indicated that threat actors are repurposing it to evade detection during their attacks. EDRSilencer blocks the transmission of telemetry to EDR management consoles, hindering malware identification and removal. It dynamically identifies running EDR processes and creates WFP filters to block their outbound communication; during testing it also affected processes that were not on its hardcoded list.