LightsOut - Generate An Obfuscated DLL That Will Disable AMSI And ETW - RedPacket Security
Tags
attack-pattern: | Hardware - T1592.001 Powershell - T1059.001 Tool - T1588.002 Powershell - T1086 |
Common Information
Type | Value |
---|---|
UUID | f5cba015-b830-4403-8d5b-4d8e8e2c18cd |
Fingerprint | e4ad031a186fefa0 |
Analysis status | DONE |
Considered CTI value | 0 |
Text language | |
Published | Nov. 19, 2023, 10:02 p.m. |
Added to db | Nov. 20, 2023, 1:29 a.m. |
Last updated | Nov. 17, 2024, 11:40 p.m. |
Headline | LightsOut – Generate An Obfuscated DLL That Will Disable AMSI And ETW |
Title | LightsOut - Generate An Obfuscated DLL That Will Disable AMSI And ETW - RedPacket Security |
Detected Hints/Tags/Attributes | 15/1/9 |
Source URLs
URL Provider
RSS Feed
Details | Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|---|
Details | 361 | ✔ | RedPacket Security | https://www.redpacketsecurity.com/feed/ | 2024-08-30 22:08 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 1 | lightsout.py |
|
Details | Domain | 3 | rastamouse.me |
|
Details | Domain | 2 | ethicalchaos.dev |
|
Details | Domain | 4128 | github.com |
|
Details | File | 1 | lightsout.py |
|
Details | Github username | 2 | rad9800 |
|
Details | Url | 2 | https://rastamouse.me/memory-patching-amsi-bypass |
|
Details | Url | 1 | https://ethicalchaos.dev/2022/04/17/in-process-patchless-amsi-bypass |
|
Details | Url | 1 | https://github.com/rad9800/misc/tree/main/hooks |