Acheron - Indirect Syscalls For AV/EDR Evasion In Go Assembly - RedPacket Security
Tags
| cmtmf-attack-pattern: | Process Injection |
| attack-pattern: | Direct Indirect Process Injection - T1631 Connection Proxy - T1090 Process Injection - T1055 |
Common Information
| Type | Value |
|---|---|
| UUID | 78cb27a0-30c2-4eef-91c4-d3fc08c6b1fe |
| Fingerprint | 3a3bd91398662ca1 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | May 23, 2023, 10:01 p.m. |
| Added to db | May 23, 2023, 11:18 p.m. |
| Last updated | Nov. 17, 2024, 11:40 p.m. |
| Headline | RedPacket Security |
| Title | Acheron - Indirect Syscalls For AV/EDR Evasion In Go Assembly - RedPacket Security |
| Detected Hints/Tags/Attributes | 20/2/30 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 361 | ✔ | RedPacket Security | https://www.redpacketsecurity.com/feed/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 4128 | github.com |
|
| Details | Domain | 1 | acheron.new |
|
| Details | Domain | 1 | sektor7.net |
|
| Details | Domain | 1 | halosgate.md |
|
| Details | Domain | 2 | winternl.com |
|
| Details | Domain | 113 | www.usenix.org |
|
| Details | Domain | 4 | redops.at |
|
| Details | File | 533 | ntdll.dll |
|
| Details | File | 1 | acheron.sys |
|
| Details | File | 1 | ach.sys |
|
| Details | File | 1 | p154-bhansali.pdf |
|
| Details | Github username | 1 | f1zm0 |
|
| Details | Github username | 1 | am0nsec |
|
| Details | Github username | 1 | trickster0 |
|
| Details | Github username | 3 | klezvirus |
|
| Details | Github username | 1 | crummie5 |
|
| Details | Github username | 2 | boku7 |
|
| Details | Github username | 4 | theflink |
|
| Details | Github username | 2 | c-sto |
|
| Details | Url | 1 | https://github.com/am0nsec/hellsgate |
|
| Details | Url | 1 | https://sektor7.net/#!res/2021/halosgate.md |
|
| Details | Url | 1 | https://github.com/trickster0/tartarusgate |
|
| Details | Url | 1 | https://github.com/klezvirus/syswhispers3 |
|
| Details | Url | 1 | https://github.com/crummie5/freshycalls |
|
| Details | Url | 1 | https://github.com/boku7/asmhalosgate |
|
| Details | Url | 1 | https://github.com/theflink/recycledgate |
|
| Details | Url | 1 | https://github.com/c-sto/bananaphone |
|
| Details | Url | 2 | https://winternl.com/detecting-manual-syscalls-from-user-mode |
|
| Details | Url | 1 | https://www.usenix.org/legacy/events/vee06/full_papers/p154-bhansali.pdf |
|
| Details | Url | 2 | https://redops.at/en/blog/direct-syscalls-a-journey-from-high-to-low |