Linux DD File Overwrite

Splunk Security Content

Summary
This detection rule identifies misuse of the 'dd' command on Linux systems, which adversaries use to irreversibly overwrite files. Using Endpoint Detection and Response (EDR) telemetry, it examines process execution logs for invocations of 'dd' that carry the 'of=' operand, which directs output to a file and therefore indicates possible data destruction. Because this behavior can cause significant disruption and data loss, confirming such instances is a priority for incident response. The detection depends on the EDR agents recording full command lines, and it supports monitoring for malicious activity that threatens system integrity.
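The rule's logic, applied to a few constructed EDR process records, as an added example (not Splunk's own search or code): the parser recovers dd's key=value operands whether dd appears bare, by full path, or behind sudo, and the detector flags every invocation that carries 'of=', reporting the output target and input source so an analyst can triage it. The record layout and event values are assumptions made for the example.

```python
import shlex
from os.path import basename

# Constructed sample EDR process-execution records (not real telemetry):
# (host, user, parent process, full command line).
SAMPLE_EVENTS = [
    ("web01", "root", "bash", "dd if=/dev/zero of=/var/log/auth.log bs=1M"),
    ("web01", "deploy", "bash", "/usr/bin/dd if=/tmp/disk.img of=/dev/sdb bs=4M status=progress"),
    ("db02", "root", "sudo", "sudo dd if=/dev/urandom of=/etc/shadow"),
    ("db02", "backup", "cron", "dd if=/dev/sda bs=512 count=1 | xxd"),
    ("build1", "ci", "make", "ddrescue /dev/sda image.img"),
    ("web01", "root", "bash", "ls -la /var/log"),
]


def parse_dd(cmdline):
    """Return dd's key=value operands if the command line invokes dd, else None.

    Matches on the basename of the executable, so 'dd', '/usr/bin/dd' and
    'sudo dd' are all recognised, while 'ddrescue' is not. Operand parsing
    stops at a shell operator so a following pipeline stage is not read as
    part of the dd invocation.
    """
    try:
        tokens = shlex.split(cmdline)
    except ValueError:  # unbalanced quotes: not parseable, not a match
        return None
    for i, tok in enumerate(tokens):
        if basename(tok) != "dd":
            continue
        operands = {}
        for arg in tokens[i + 1:]:
            if arg in ("|", "||", "&&", ";"):
                break
            key, sep, value = arg.partition("=")
            if sep:
                operands[key] = value
        return operands
    return None


def detect_dd_overwrite(events):
    """Apply the rule: flag every dd invocation that carries an of= operand."""
    findings = []
    for host, user, parent, cmdline in events:
        operands = parse_dd(cmdline)
        if operands is None or "of" not in operands:
            continue
        findings.append({"host": host, "user": user, "parent": parent,
                         "target": operands["of"],
                         "source": operands.get("if", "<stdin>"),
                         "cmdline": cmdline})
    return findings
```

Run over the sample records this yields three findings; the write of a disk image to /dev/sdb is flagged alongside the two log and credential overwrites, which is exactly the kind of hit the rule leaves to the analyst to confirm.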
Categories
  • Linux
  • Endpoint
Data Sources
  • Pod
  • Process
  • File
ATT&CK Techniques
  • T1485
Created: 2024-11-13