S0364 RawDisk

Description

[RawDisk](https://attack.mitre.org/software/S0364) is a legitimate commercial driver from the EldoS Corporation that is used for interacting with files, disks, and partitions. The driver allows for direct modification of data on a local computer's hard drive. In some cases, the tool can enact these raw disk modifications from user-mode processes, circumventing Windows operating system security features. (Citation: EldoS RawDisk ITpro) (Citation: Novetta Blockbuster Destructive Malware)

Platforms

Windows

References

  1. https://attack.mitre.org/software/S0364
  2. https://www.itprotoday.com/windows-78/eldos-provides-raw-disk-access-vista-and-xp
  3. https://web.archive.org/web/20160303200515/https://operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Destructive-Malware-Report.pdf

Related by meaning

Nearest entities by semantic similarity across the cs-graph corpus.

  1. Sub-technique: Disk Content Wipe
  2. Software: KillDisk
  3. Software: Pandora
  4. Software: HIDEDRV
  5. Software: RawPOS
  6. LOLbin: Dump64.exe

Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.