APT / THREAT GROUP
defendnot
2 aliases
Last seen: Jun 12, 2026
Intelligence Profile
According to its author, defendnot uses an undocumented Windows Security Center (WSC) API that is meant for antivirus software to notify Defender of their presence, with the goal of getting Defender to disable itself.
Threat Analysis
defendnot is a threat actor of known sophistication and undetermined national origin, engaged in cyber operations; its primary motivation and activity patterns are unknown.
External References
Quick Facts
Type: APT / Threat Group
Aliases: 2
Also Known As
win.defendnot, defendnot
External Intelligence
Malpedia: win.defendnot
Research Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.