Spawn elevated CastOut MBR wiper via UAC prompt

WARNING: This technique will destroy the disk. Uses UAC prompt to run CastOut will elevated privileges. CastOut is an MBR wiper that overwrite the first 512 bytes of \\.\PhysicalDrive0 with a string found in DarkSeoul (Lazarus/APT28) wipers.
View Command

To view this TTPs command, you must be logged in with a professional or enterprise license.


Test this TTP

Download Operator (1.7.1)
Test this TTP using one of our Operator chains
APT38 DarkSeoul


Destructive Master Boot Record (MBR) wiper malware.