Common Information
Type | Value |
---|---|
Value | Pre-OS Boot - T1542 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may abuse Pre-OS Boot mechanisms as a way to establish persistence on a system. During the booting process of a computer, firmware and various startup services are loaded before the operating system. These programs control the flow of execution before the operating system takes control.(Citation: Wikipedia Booting) Adversaries may overwrite data in boot drivers or firmware such as BIOS (Basic Input/Output System) and the Unified Extensible Firmware Interface (UEFI) to persist on systems at a layer below the operating system. This can be particularly difficult to detect as malware at this level will not be detected by host software-based defenses. |
Details | | Published | Attributes | CTI | Title |
---|---|---|---|---|---|
Details | Website | 2024-11-14 | 72 | | Weekly Intelligence Report - 15 Nov 2024 \| #ransomware \| #cybercrime \| National Cyber Security Consulting |
Details | Website | 2023-12-06 | 198 | | Russia/Ukraine Update - December 2023 |
Details | Website | 2023-09-15 | 816 | | UNC3944: SMS Phishing, SIM Swapping, and Ransomware Attacks |
Details | Website | 2023-08-25 | 195 | | Russia/Ukraine Update - August 2023 |
Details | Website | 2023-03-01 | 103 | | BlackLotus UEFI bootkit: Myth confirmed \| WeLiveSecurity |
Details | Website | 2022-09-15 | 73 | | From the Front Lines \| Slam! Anatomy of a Publicly-Available Ransomware Builder |
Details | Website | 2022-08-02 | 57 | | Anomali Cyber Watch: Velvet Chollima Steals Emails from Browsers, Austrian Mercenary Leverages Zero-Days, China-Sponsored Group Uses CosmicStrand UEFI Firmware Rootkit, and More |
Details | Website | 2022-04-28 | 84 | | An Overview of the Increasing Wiper Malware Threat \| FortiGuard Labs |
Details | Website | 2020-12-03 | 37 | | Persist, Brick, Profit -TrickBot Offers New “TrickBoot” UEFI-Focused Functionality |